Exploit: Phishing attack
Conway Medical Center: Healthcare provider
Risk to Small Business: 1.555 = Severe: Several employees fell for a phishing scam that provided hackers access to patients’ personal data. Although the healthcare provider quickly identified the intrusion and cut off access to those accounts, they can’t recover information already accessed by cybercriminals. As a result, Conway Medical Center will face regulatory scrutiny, which often results in fines and other penalties that can damage their reputation and profitability
Individual Risk: 2 = Severe: Hackers had access to patients’ personally identifiable information, including their names, dates of birth, Social Security numbers, phone numbers, dates of admission, account numbers, and account balances. Conway Medical Center is providing free identify and credit monitoring services to those impacted by the breach, and those affected should enroll in these services. In addition, they should be vigilant about monitoring their accounts for unusual or suspicious activity.
How it Could Affect Your Customers’ Business: This major cybersecurity incident was entirely avoidable, since phishing scams are only effective if employees engage with malicious emails. Unfortunately, Conway Medical Center will now bear the cost of credit and identity monitoring services for thousands of patients, as well as the fines and penalties that often accompany a breach. In contrast, comprehensive employee awareness training is a bargain, protecting your company against the phishing attacks that will inevitably make their way to employee inboxes.
Risk Levels:
1 - 1.5 = Extreme Risk
1.51 - 2.49 = Severe Risk
2.5 - 3 = Moderate Risk
*The risk score is calculated using a formula that considers a wide range of factors related to the assessed breach.
