
Community-based healthcare system Methodist Hospitals from Gary, Indiana, disclosed that sensitive personal and medical information for 68,039 individuals may have been exposed following a successful phishing attack against two of its employees.
Methodist provides surgical and medical hospital services, employs 2,576 individuals, and reported a total of 195,055 patient encounters during 2018, according to last year's annual report.
"In June 2019, Methodist learned of unusual activity in an employee’s email account. We immediately commenced an investigation, working with third-party forensic investigators, to assess the nature and scope of the email account activity," says the notice of data incident.
This could cause irreparable damage to the hospital and, worst of all, it potentially could have been prevented.
How?
By reading and taking action. Every organization must understand what phishing and ransomware are.
If not, it is a matter of time before you become a victim.
We have done our best to make it easy to learn and stay secure.
We do this with content – with information on the threats and how to prevent them.
In August we told you schools, government and healthcare are under attack from China. We also created an infographic which explains how to prevent ransomware. Another infographic discusses the hacker threat. Earlier this month, we explained how ten hospitals were hit simultaneously by hackers, which stopped some of them from seeing new patients.
How do you stay secure or at least drastically reduce the risk? Just follow these three steps. Good luck!
We are here if you need us. Just reach out.
1) Read cybersecurity essentials – a simple list which will help most organizations become far more secure.
2) Go to a phishing simulation vendor now and sign up for one of their offerings. Phishing Box, KnowBe4 and Phish360 are all great. This is needed to train workers by testing them without their knowledge, sending real-looking emails to their inboxes. If they click, they are immediately trained on what not to do.
3) We also recommend you get a free evaluation of your cybersecurity risk from an MSP/MSSP immediately – they can also help you build in the needed compliance to reduce the risk of being fined.