News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel

News, Analysis, Trends, Management Innovations for
Clinical Laboratories and Pathology Groups

Hosted by Robert Michel
Sign In

Phishing Remains Top Cyberattack Targeting Healthcare Organizations including Clinical Laboratories and Anatomic Pathology Groups

Clinical laboratories are particularly tasty targets for cybercriminals seeking the abundance of protect health information contained in patient electronic health records

Recent data from cybersecurity company Netwrix of Frisco, Texas, shows that 84% of healthcare organizations—including clinical laboratories and pathology groups—caught at least one cyberattack in the past year and “69% of them faced financial damage as a result.” That’s according to the company’s latest Hybrid Security Trends Report which notes that 24% of healthcare organizations are “fully cloud-based,” as opposed to just 11% of non-healthcare industries.

Phishing was the most common type of incident experienced on premises, similar to other industries. Account compromise topped the list for cloud attacks: 74% of healthcare organizations that spotted a cyberattack reported user or admin account compromise,” the Netwrix report notes.

Phishing, where cybercriminals send fake emails and texts to unsuspecting employees that trick them into providing private information, continues to be one of the most prevalent cyberthreats experienced by healthcare organizations and often serves as the catalyst for much larger and more dangerous cyberattacks.

This is particularly dangerous in clinical laboratories where as much as 80% of protected health information (PHI) in patients’ electronic health records (EHRs) is laboratory test results and other personal medical data.

“Protected health information (PHI) is one of the most expensive types of data sold on darknet forums, which makes healthcare organizations a top target for cybercriminals, said Ilia Sotnikov (above), security strategist and VP of user experience at Netwrix, in the report. Clinical laboratory patient electronic health records are particularly weighted toward PHI. (Photo copyright: Netwrix.)

Don’t Open That Email!

Typical phishing scams begin with innocent-looking emails from companies that appear to be legitimate and often contain language that implies urgent action is needed on the part of the user. These emails can be very convincing, appear to originate from reputable companies, and usually instruct users to open an attachment contained in the email or click on a link that goes to a known company website. However, the site is a fake.

Once the harmful file attachment is opened, users will be directed to download fake software or ransomware that attempts to capture the user’s personal information. When visiting a malicious website, consumers will often receive pop-ups with instructions for updating information, but the true purpose is to harvest personal data.

The federal Office of the Comptroller of the Currency (OCC) suggests the following guidelines for protecting oneself from phishing attacks:

  • Never provide any personal information to an unsolicited request.
  • If you believe the contact is legitimate, initiate a contact with the organization using verified data, usually via telephone.
  • Never provide any passwords over the phone or in response to an unsolicited Internet request.
  • Review any accounts, such as bank statements, often to search for any suspicious activity.

“Healthcare workers regularly communicate with many people they do not know—patients, laboratory assistants, external auditors and more—so properly vetting every message is a huge burden,” said IT security expert Dirk Schrader, VP of security research at Netwrix, in the report. “Plus, they do not realize how critical it is to be cautious, since security awareness training often takes a back seat to the urgent work of taking care of patients. Combined, these factors can lead to a higher rate of security incidents.”

Top 10 Brands Faked in Phishing Scams

Phishing emails often appear to be from legitimate companies to lull the recipient into a false sense of security. In a January 22 report, Check Point Research (CPR) announced its latest Brand Phishing Ranking for the fourth quarter of 2024. The report reveals the brands that were most frequently impersonated in phishing attacks by cybercriminals for the purpose of stealing personal information from consumers.

According to the CPR report, 80% of disclosed brand phishing incidents occurred within just 10 brands (listed below with each brand’s percentage of phishing attacks). They are:

The report also states that the 2024 holiday season saw a surge in phishing campaigns targeting popular clothing brands, including:

According to the report, fraudulent domains “replicated official websites to mislead shoppers with fake discounts, ultimately stealing login credentials and personal information. These fraudulent sites replicate the brand’s logo and offer unrealistically low prices to lure victims. Their goal is to trick users into sharing sensitive information, such as login credentials and personal details, enabling hackers to steal their data effectively.”

Steps Clinical Labs Can Take to Protect Patients’ PHI

Clinical laboratories and pathology groups can take precautions that minimize the risk of allowing cybercriminals access to their patients’ PHI.

“A core defense strategy is to minimize standing privileges by using a privileged access management (PAM) solution. Another is to implement identity threat detection and response (IDTR) tools to quickly block malicious actors using compromised credentials,” said Ilia Sotnikov, security strategist and VP of user experience at Netwrix, in the report.

The threat of phishing scams is a lingering issue that everyone in healthcare should be aware of and take necessary precautions to recognize and prevent having one’s PHI stolen. Clinical laboratory management should constantly remind lab personnel and contractors to be vigilant regarding fake emails and texts from well-known brands that ask for private information.              

—JP Schlingman

Related Information:

84% of Healthcare Organizations Spotted a Cyberattack within the Last 12 Months, and 69% of Them Faced Financial Damage as a Result

2024 Hybrid Security Trends Report

Microsoft is Identified as the Primary Target in Phishing Attacks, with Significant Shifts Observed in the Top 10 Rankings

Exploring Q4 2024 Brand Phishing Trends: Microsoft Remains the Top Target as LinkedIn Makes a Comeback

What is a Phishing Attack?

EU to Take Aim at Healthcare Cyber Threat

Mastering 2025: The Stakes Are High in Battling Cyber Threats

Phishing Attack Prevention: How to Identify and Avoid Phishing Scams

Report: 84% of Healthcare Organizations Identified a Data Breach Last Year

Healthcare Cyberattacks at Two Hospitals Prompt Tough Decisions as Their Clinical Laboratories Are Forced to Switch to Paper Documentation

Cyberattack Renders Healthcare Providers across Ascension’s Hospital Network Unable to Access Medical Records Endangering Patients

Change Healthcare Cyberattack Disrupts Pharmacy Order Processing for Healthcare Providers Nationwide

Asian Cities, Countries Stand Out in the World’s Fight Against COVID-19, US Clinical Laboratory Testing in the Spotlight

Asian locales reacted swiftly to the threat of COVID-19 by leveraging lessons learned from previous pandemics and making use of serology testing in aggressive contact tracing

America’s healthcare leaders in government, hospitals, clinical pathology, and medical laboratories can learn important lessons from the swift responses to the early outbreaks of COVID-19 in countries like Taiwan and South Korea and in cities like Singapore and Hong Kong. 

Strategies such as early intervention, commitment to tracing contacts of infected people within two hours, quarantines, and social distancing all contributed to significantly curtailing the spread of the latest coronavirus pandemic within their borders, The New York Times (NYT) reported.

Another response common to the efforts of these countries and cities was the speedy introduction of clinical laboratory tests for SARS-CoV-2, the novel coronavirus that causes coronavirus disease 2019 (COVID-19), supported by the testing of tens of thousands of people in the earliest stages of the outbreaks in their communities. And that preparation and experience is paying off as those countries and cities continue to address the spread of COVID-19.

‘We Look at SARS as the Dress Rehearsal’

“Maybe it’s because of our Asian context, but our community is sort of primed for this. We will keep fighting, because isolation and quarantine work,” Lalitha Kurupatham, Deputy Director of the Communicable Diseases Division in Singapore, told the NYT. “During peacetime, we plan for epidemics like this.”

Clinical laboratory leaders and pathologists may recall that Hong Kong was the site of the 2003 severe acute respiratory syndrome (SARS) epidemic. About 8,096 people worldwide were infected, and 774 died from SARS, according to the World Health Organization (WHO). In Hong Kong, 299 died out of 1,755 cases. However, Singapore had just 238 cases and 33 deaths.

To what does Singapore attribute the country’s lower COVID-19 infection/death rate today?

“We can look at SARS as the dress rehearsal. The experience was raw, and very, very visceral. And on the back of it, better systems were put in place,” Jeremy Lim, MD, Co-Director of the Leadership Institute for Global Health Transformation at the National University of Singapore, told TIME.

“It’s a mix of carrots and sticks that have so far helped us. The US should learn from Singapore’s response and then adapt what is useful,” Lim added. 

Singapore Debuts Serology Testing for COVID-19 Tracking

It was Singapore where scientists first experimented with serology testing to track the breadth of coronavirus infection in a community, Science reported, adding that the tests are different from the SARS-CoV-2 tests, which analyze genetic material of the virus from a person’s samples. (Dark Daily recently covered such genetic testing in “Advances in Gene Sequencing Technology Enable Scientists to Respond to the Novel Coronavirus Outbreak in Record Time with Medical Lab Tests, Therapies,” March 18, 2020.)

As microbiologists and infectious diseases doctors know, serology tests work by identifying antibodies that are the sources of infection. In the case of COVID-19, these tests may have aided in the surveillance of people infected with the coronavirus.

This is one lesson the US is learning.

“CDC (Centers for Disease Control and Prevention) has developed two serological tests that we’re evaluating right now, so we can get an idea through surveillance what’s the extent of this outbreak and how many people really are infected,” Robert Redfield, MD, CDC Director, told STAT.

Singapore’s Health Ministry and its Duke-NUS Medical School previously used an experimental serology test for contact tracing the source of 23 COVID-19 cases at a Singapore church, according to Science.

The graphic above, which is based on data from the federal Centers for Disease Control and Prevention, illustrates how contact tracing is accomplished. “We believe this is the first time in the world where these particular tests have been used in this context of contact tracing,” Danielle Anderson, PhD, Scientific Director, Duke-NUS Medical School ABSL3 Laboratory, told Science. (Graphic copyright: CDC/Carl Fredrik Sjöland.)

‘Leaving No Stone Unturned’

As of March 27, Singapore (located about 2,374 miles from mainland China with a population of 5.7 million) had reported 732 COVID-19 cases and two deaths, while Hong Kong had reported 518 cases and four deaths.

According to Time, in its effort to battle and treat COVID-19, Singapore took the following steps:

  • Clinical laboratory testing for COVID-19 of all people presenting with “influenza-like” and pneumonia symptoms;
  • Contact tracing of each infected person, including interviews, review of flight manifests, and police involvement;
  • Using locally developed test to find antibodies after COVID-19 clears;
  • Ran ads on page one of newspapers urging people with mild symptoms to see a doctor; and
  • Government paid $100 Singapore dollars per day to quarantined self-employed people. 

“Singapore is leaving no stone unturned,” Tedros Adhanom Ghebreyesus, PhD, Director-General of WHO, told TIME.

The Singapore government’s WhatsApp account shares updates on the coronavirus, and Singapore citizens acquire wearable stickers after having their temperature checked at building entrances, Wired reported. The article also noted teams of healthcare workers are kept separate in hospitals—just in case some workers have to be quarantined.  

FREE Webinar | What Hospital and Health System Labs Need to Know
About Operational Support and Logistics During the COVID-19 Outbreak

Wednesday, April 1, 2020 @ 1PM EDT — Register Now

Meanwhile, in Hong Kong, citizens donned face masks and pressured the government to respond to the COVID-19 outbreak. Officials subsequently tightened borders with mainland China and took other action, the NYT reported.

Once the COVID-19 genetic sequence became available, national medical laboratory networks in Singapore, Hong Kong, and Japan developed their own diagnostic tests, reported The Lancet, which noted that the countries also expanded capacity for testing and changed financing systems, so people would not have to pay for the tests. In Singapore, the government pays for hospitalization as well, noted The Lancet.

Lessons Learned

The US has far less experience with pandemics, as compared to the Asian locales that were affected by the H1N1 influenza (Spanish Flu) of 1918-1920 and the H5N1 influenza (Avian Flu) of 1957-1958.

And, controversially, National Security Council (NSC) officials in 2018 discontinued the federal US Pandemic Response Unit, moving the NSC employees into other government departments, Associated Press reported.

According to the March 26 US Coronavirus Task Force’s televised news conference, 550,000 COVID-19 tests have been completed nationwide and results suggest 86% of those tested are negative for the disease. 

The fast-moving virus and rapidly developing story are placing medical laboratory testing in the global spotlight. Pathologists and clinical laboratory leaders have a unique opportunity to advance the profession, as well as improving the diagnosis of COVID-19 and the health of patients.

—Donna Marie Pocius

Related Information:

Tracking the Coronavirus: How Crowded Asian Cities Tackled an Epidemic

What We Can Learn from Singapore, Taiwan, and Hong Kong About Handling Coronavirus

Singapore Claims First Use of Antibody Test to Track Coronavirus Infections

CDC Developing Serologic Tests That Could Reveal Full Scope of U.S. Coronavirus Outbreak

Singapore Was Ready for COVID-19, Other Countries Take Note

Are High-Performing Health Systems Resilient Against the COVID-19 Epidemic?

Trump Disbanded NSC Pandemic Unit That Experts Had Praised

Advances in Gene Sequencing Technology Enable Scientists to Respond to the Novel Coronavirus Outbreak in Record Time with Medical Lab Tests, Therapies

;