
Fight Back Against Email Bombs and Credential Theft

Learn about two significant cyber threats against healthcare to stop criminals from stealing your data. The HHS Health Sector Cybersecurity Coordination Center (HC3) recently released two sector alerts, each highlighting a different tactic criminals use to hack into your system.

Email bombing and credential harvesting are not new, but cybercriminals use them repeatedly because they work. HC3 has some advice about how to fight back.

Email Bombing

Email bombing, also known as a mail bomb or letter bomb attack, occurs when a botnet (directed by a single actor or a group of actors) floods an email address or server with hundreds to thousands of emails. It is a form of Denial of Service (DoS) attack: by rendering the victim’s mailbox useless, attackers bury legitimate transactions and security messages in an unsuspecting inbox. By overloading a victim’s inbox, attackers hope the victim will miss important emails such as account sign-in notifications, updates to contact information, financial transaction details, or online order confirmations.

Defend Against Email Bomb Attacks

HC3 recommends security policies that address both user behavior and technical processes.

Spot the Beginning of an Attack

Email bombs can have the following characteristics that users can look for:
  • Lack of Coherence: the content refers to websites or products of which you are not a subscriber or a client.
  • Duplicate Messages: multiple copies of the same email with minor changes.
  • Unknown Email Senders: attackers frequently conceal their identity by using unfamiliar or spoofed sender email addresses.
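The three characteristics above also map onto signals a mail administrator can watch for at the server rather than leaving detection to the user: a sudden burst of volume to one mailbox, many unfamiliar sender domains, and near-duplicate subjects. The following detector is an added example (not part of the HC3 alert); the log line format, the sample log and the thresholds are constructed for illustration. It also lists the messages in the burst that do not share the dominant subject, since those are the legitimate notices most likely to be buried.

```python
"""Heuristic detector for an email-bomb burst in an inbound mail log.

Added example, not part of the HC3 alert. The log line format below is
constructed for this example ('<ISO timestamp> to=<rcpt> from=<sender>
subject=<subject>'), and the thresholds are illustrative starting points.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) to=(\S+) from=(\S+) subject=(.*)$")


def parse_line(line):
    """Return (timestamp, recipient, sender, subject) or None for unparseable lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, rcpt, sender, subject = m.groups()
    return datetime.fromisoformat(ts), rcpt, sender, subject


def normalize_subject(subject):
    """Collapse digits so near-duplicates ('Welcome #1001' / 'Welcome #1002') compare equal."""
    return re.sub(r"\d+", "#", subject).strip().lower()


def detect_email_bomb(lines, window=timedelta(minutes=10), volume=20, min_sender_domains=10):
    """Flag recipients whose busiest window holds `volume` or more messages from
    `min_sender_domains` or more distinct sender domains. Messages in the burst that
    do not share the dominant (normalized) subject are reported as possibly buried mail."""
    by_rcpt = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            by_rcpt[parsed[1]].append(parsed)

    alerts = []
    for rcpt, msgs in by_rcpt.items():
        msgs.sort(key=lambda m: m[0])
        best, j = [], 0
        for i in range(len(msgs)):                 # sliding window; busiest span wins
            while j < len(msgs) and msgs[j][0] - msgs[i][0] <= window:
                j += 1
            if j - i > len(best):
                best = msgs[i:j]
        if len(best) < volume:
            continue
        domains = {m[2].rsplit("@", 1)[-1] for m in best}
        if len(domains) < min_sender_domains:
            continue
        subjects = Counter(normalize_subject(m[3]) for m in best)
        top_subject, top_count = subjects.most_common(1)[0]
        alerts.append({
            "recipient": rcpt,
            "window_start": best[0][0],
            "count": len(best),
            "distinct_sender_domains": len(domains),
            "near_duplicate_subjects": top_count,
            "possibly_buried": [(m[2], m[3]) for m in best
                                if normalize_subject(m[3]) != top_subject],
        })
    return alerts


def sample_log():
    """Constructed log: 25 near-identical sign-up mails to one mailbox in five minutes,
    one real security notice hidden among them, and ordinary traffic for another user."""
    base = datetime(2024, 5, 1, 9, 0, 0)
    lines = []
    for i in range(25):
        t = base + timedelta(seconds=12 * i)
        lines.append(f"{t.isoformat()} to=victim@clinic.example "
                     f"from=noreply@shop{i}.example subject=Welcome to our newsletter #{1000 + i}")
    lines.append(f"{(base + timedelta(minutes=2)).isoformat()} to=victim@clinic.example "
                 f"from=security@bank.example subject=New sign-in to your account")
    for i in range(3):
        t = base + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} to=staff@clinic.example "
                     f"from=colleague@clinic.example subject=Meeting notes {i}")
    return lines


if __name__ == "__main__":
    for alert in detect_email_bomb(sample_log()):
        print(alert)
```

Running it against the constructed log reports one burst of 26 messages to victim@clinic.example from 26 sender domains, 25 of them sharing a subject, and singles out the bank's sign-in notice as the message the flood was likely meant to hide. Thresholds should be tuned to the organization's normal per-mailbox volume before the output is acted on.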

Raise Awareness

Many people have never heard of email bomb attacks, so begin with employee training to raise awareness. Staff should also avoid using work email addresses to subscribe to non-work-related services. Finally, staff should limit the online exposure of their direct email addresses by using contact forms that do not expose email addresses.

Confirmed Opt-In

A confirmed opt-in process sends an email with a unique link to each new signup. Only once the link has been clicked have you verified that the signup is a real user who owns the address, and only then do you begin sending them a welcome email. Email bombers cannot click a link delivered to an address they do not control, so the address is never confirmed and the follow-up mail that would cause the damage is never sent.

Implement a reCAPTCHA

reCAPTCHA presents a challenge to determine whether a human, rather than a bot, is using your platform. It requires entering a series of numbers or checking a specific box to prove that the person signing up is real. Email bombing bots are generally unable to pass a reCAPTCHA, which prevents them from signing up.
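The two controls above, confirmed opt-in and a CAPTCHA, belong together in the same signup handler, and both are easy to get wrong: a CAPTCHA that is only checked in the browser protects nothing, and a confirmation mail that can be re-sent without limit becomes a flood of its own. The code below is an added example, not from the HC3 alert or The HIPAA E-Tool. It assumes the decoded reCAPTCHA siteverify response uses the documented field names (success, hostname, action, score, challenge_ts, error-codes); the HTTP call to the verification service and the mail sender are injected callables so the example runs offline, and all hostnames, addresses and thresholds are illustrative.

```python
"""Signup hardening: server-side CAPTCHA validation plus confirmed opt-in.

Added example (not the HC3 alert's or any product's code). Assumed: the decoded
siteverify response uses the documented fields (success, hostname, action, score,
challenge_ts, error-codes); the CAPTCHA HTTP call and the mail sender are injected
callables so this runs offline; names and thresholds are illustrative.
"""
import secrets
from datetime import datetime, timedelta, timezone


class CaptchaError(Exception):
    pass


def check_siteverify(resp, expected_host, expected_action="signup",
                     min_score=0.5, max_age=timedelta(minutes=2), now=None):
    """Validate a decoded siteverify response on the server. Checking only
    `success` is the usual defect: the token may belong to another site or form
    action, be scored as likely automated, or be replayed long after solving."""
    if not resp.get("success"):
        raise CaptchaError(f"captcha failed: {resp.get('error-codes')}")
    if resp.get("hostname") != expected_host:
        raise CaptchaError("token issued for another hostname")
    action = resp.get("action")            # v3 tokens only
    if action is not None and action != expected_action:
        raise CaptchaError("token issued for another action")
    score = resp.get("score")              # v3 tokens only
    if score is not None and score < min_score:
        raise CaptchaError("score below threshold")
    ts = resp.get("challenge_ts")
    if ts:
        issued = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        if (now or datetime.now(timezone.utc)) - issued > max_age:
            raise CaptchaError("stale token")
    return True


class SignupService:
    """Confirmed (double) opt-in: an unconfirmed address only ever receives one
    confirmation link, and no other mail until that link is used."""

    def __init__(self, hostname, send_mail, verify_captcha, ttl=timedelta(hours=24)):
        self._host = hostname
        self._send = send_mail              # callable(to, subject, body)
        self._verify = verify_captcha       # callable(token) -> decoded siteverify dict
        self._ttl = ttl
        self.pending = {}                   # token -> (email, expires_at)
        self.confirmed = set()

    def request_signup(self, email, captcha_token, now=None):
        now = now or datetime.now(timezone.utc)
        check_siteverify(self._verify(captcha_token), self._host, now=now)
        # One outstanding confirmation per address: the confirmation mail itself
        # must not become a way to flood someone who never signed up.
        for token, (addr, expires) in self.pending.items():
            if addr == email and expires > now:
                return token
        token = secrets.token_urlsafe(32)   # unguessable, single-use
        self.pending[token] = (email, now + self._ttl)
        self._send(email, "Confirm your subscription",
                   f"https://{self._host}/confirm?t={token}")
        return token

    def confirm(self, token, now=None):
        now = now or datetime.now(timezone.utc)
        entry = self.pending.pop(token, None)   # pop: a link works exactly once
        if entry is None or now > entry[1]:
            return False
        self.confirmed.add(entry[0])
        self._send(entry[0], "Welcome", "Thanks for confirming your address.")
        return True


def demo():
    """Drive the flow offline with a fake CAPTCHA verifier and a capturing mail sender."""
    sent = []
    good = {"success": True, "hostname": "clinic.example", "action": "signup",
            "score": 0.9, "challenge_ts": "2024-05-01T09:00:00Z"}
    now = datetime(2024, 5, 1, 9, 0, 30, tzinfo=timezone.utc)
    svc = SignupService("clinic.example",
                        send_mail=lambda to, subject, body: sent.append((to, subject)),
                        verify_captcha=lambda token: good)
    email = "nurse@clinic.example"
    token = svc.request_signup(email, "widget-token", now=now)
    again = svc.request_signup(email, "widget-token", now=now)   # no second mail
    guess_rejected = not svc.confirm("not-a-real-token", now=now)
    confirmed = svc.confirm(token, now=now + timedelta(hours=1))
    replay_rejected = not svc.confirm(token, now=now + timedelta(hours=1))
    try:
        check_siteverify(dict(good, hostname="attacker.example"), "clinic.example", now=now)
        wrong_host_rejected = False
    except CaptchaError:
        wrong_host_rejected = True
    return {
        "same_token": token == again,
        "confirmation_mails": sum(1 for _, s in sent if s == "Confirm your subscription"),
        "guess_rejected": guess_rejected,
        "confirmed": confirmed,
        "replay_rejected": replay_rejected,
        "welcome_sent": (email, "Welcome") in sent and email in svc.confirmed,
        "wrong_host_rejected": wrong_host_rejected,
    }
```

In production the pending table lives in a database and the injected verifier performs the POST to the CAPTCHA service; the shape of the checks does not change. The hostname check matters because a token solved on any site that uses your public key would otherwise be accepted.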

Credential Harvesting

Credential harvesting, also known as credential stealing or credential phishing, is a technique that cybercriminals use to obtain login credentials like usernames, passwords, and personal information. These credentials operate as the gateway to an individual’s digital identity and can grant access to various types of information, such as online accounts and health data. The methods employed for credential harvesting are diverse, ranging from sophisticated phishing emails to fake websites and social engineering tactics.

Defend Against Credential Harvesting

  • Employee Training and Awareness: Educate staff about phishing threats and best practices for identifying suspicious emails and websites.
  • Multi-Factor Authentication (MFA): MFA adds a layer of security by requiring users to provide multiple forms of authentication, reducing the effectiveness of cyberattacks.
  • Email Filtering and Spam Detection: Deploying email filtering solutions can help identify and block phishing emails before they reach end-users.
  • Monitoring and Detection: Implement robust monitoring tools to detect suspicious login attempts, unusual user behavior, or unauthorized access.
  • Endpoint Security Solutions: Use endpoint security solutions to help detect and prevent malware-based credential harvesting techniques like keylogging.
  • Patch Management: Keep software and systems up-to-date with the latest security patches and updates to address known vulnerabilities that attackers may exploit to harvest credentials.
  • Incident Response Planning: Develop comprehensive incident response plans so that the organization can respond promptly and effectively and minimize the impact on operations and patients.
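The "Monitoring and Detection" item above is the one most often left vague. As an added example (not from the HC3 alert or any product), the following detector runs over a constructed authentication log and reports three patterns that harvested or guessed credentials produce: one source address failing against many accounts (a password spray), many failures against one account (brute force), and a success for an account that has just had a failure burst, which is the event that most warrants an incident response call. The line format and thresholds are illustrative.

```python
"""Suspicious-login detection over an authentication log.

Added example, not from the HC3 alert or any vendor product. The line format
('<ISO timestamp> user=<account> ip=<source> result=<success|failure>') and the
thresholds are constructed for illustration.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r"^(\S+) user=(\S+) ip=(\S+) result=(success|failure)$")


def parse_line(line):
    """Return (timestamp, user, ip, result) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, ip, result = m.groups()
    return datetime.fromisoformat(ts), user, ip, result


def detect_suspicious_logins(lines, window=timedelta(minutes=15),
                             spray_users=5, brute_failures=8, min_prior_failures=3):
    """Return alerts, in log order, for three patterns of credential abuse:
      password_spray:         one source IP fails against many distinct accounts
      brute_force:            many failures against one account within the window
      success_after_failures: a success for an account that just had a failure burst
    Each spray source and brute-forced account is reported once."""
    events = sorted((e for e in map(parse_line, lines) if e), key=lambda e: e[0])
    ip_failures = defaultdict(list)     # ip -> [(ts, user)]
    user_failures = defaultdict(list)   # user -> [ts]
    reported = set()
    alerts = []
    for ts, user, ip, result in events:
        if result == "success":
            prior = [t for t in user_failures[user] if ts - t <= window]
            if len(prior) >= min_prior_failures:
                alerts.append(("success_after_failures", user, ip, len(prior)))
            continue
        ip_failures[ip].append((ts, user))
        user_failures[user].append(ts)
        targets = {u for t, u in ip_failures[ip] if ts - t <= window}
        if len(targets) >= spray_users and ("spray", ip) not in reported:
            reported.add(("spray", ip))
            alerts.append(("password_spray", ip, len(targets)))
        failures = [t for t in user_failures[user] if ts - t <= window]
        if len(failures) >= brute_failures and ("brute", user) not in reported:
            reported.add(("brute", user))
            alerts.append(("brute_force", user, len(failures)))
    return alerts


def sample_log():
    """Constructed log: one normal login, a spray across six accounts from one
    external address, and eight failures then a success against one account."""
    base = datetime(2024, 5, 1, 8, 0, 0)
    lines = [f"{(base + timedelta(seconds=30)).isoformat()} user=nurse.jones ip=10.0.0.5 result=success"]
    for i, account in enumerate(["a.lee", "b.khan", "c.diaz", "d.wu", "e.park", "f.ortiz"]):
        t = base + timedelta(minutes=i)
        lines.append(f"{t.isoformat()} user={account} ip=203.0.113.10 result=failure")
    for i in range(8):
        t = base + timedelta(minutes=10, seconds=20 * i)
        lines.append(f"{t.isoformat()} user=dr.smith ip=198.51.100.7 result=failure")
    lines.append(f"{(base + timedelta(minutes=13)).isoformat()} user=dr.smith ip=198.51.100.7 result=success")
    return lines


if __name__ == "__main__":
    for alert in detect_suspicious_logins(sample_log()):
        print(alert)
```

On the constructed log this yields a password_spray alert for 203.0.113.10 after its fifth distinct target, a brute_force alert for dr.smith at the eighth failure, and a success_after_failures alert when the same address then logs in as dr.smith. The third alert is the one to route to incident response: with MFA enforced it should not occur at all, and without it the account should be treated as compromised until proven otherwise.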

The HIPAA Security Rule is a Blueprint to Stop Cybercrime

The Security Rule Checklist in The HIPAA E-Tool® provides all the guidance you need to comply with the HIPAA Security Rule, the gold standard for cybersecurity defense. As part of a more comprehensive HIPAA Risk Analysis, the checklist reminds you of each mitigation step needed to stay ahead of the hackers and keep patient information safe.


Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2024 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC
