Tag Archives: phishing

Deeper Dive: GLBA-Regulated Financial Institutions Reduce Your Cybersecurity Risk With Rigorous Oversight of Third-Party Service Providers

By Eulonda Skyles on May 8, 2019 Posted in Data Security Incident Response

Financial institutions that are subject to the Gramm-Leach Bliley Act (GLBA) can find practical tips that address their unique data security challenges in the 2019 Data Security Incident Report (DSIR). It appears that money remains a strong motivating force for many threat actors. According to the 2019 report, finance and insurance remain among the sectors … Continue Reading

Deeper Dive: The Scourge of O365 Incidents

By David Kitchen, M. Scott Koller and BakerHostetler on April 11, 2019 Posted in Cybersecurity, Data Security Incident Response

A Growing Menace 2018 saw a continuation of companies moving toward cloud-based email systems. Phishing incidents targeting those systems followed suit. Fully one-third of incidents addressed by our incident response team in 2018 involved unauthorized access to an online email account. Phishing attacks continued to dominate the types of cyberattacks organizations experienced in 2018, owed, … Continue Reading

Best Cybersecurity Practices for Healthcare Organizations – Ransomware Prevention

By Aleksandra Vold and BakerHostetler on February 8, 2019 Posted in HHS, HIPAA/HITECH, Phishing, Ransomware

This article is part of a series of blog posts exploring the recommendations and guidance Health & Human Services (HHS) provides to healthcare organizations in its “Cybersecurity Best Practices” report. For previous articles in the series, click here. The report on cybersecurity best practices (Report) is not the first time HHS has discussed the prevalent … Continue Reading

Deeper Dive: Take Action to Close the Largest Cause of Data Security Incidents – Your Employees

By David Kitchen on April 17, 2018 Posted in Data Security Incident Response

If you work at a typical company, employee actions and inadvertent disclosures present the greatest threat to the security of your data. Therefore, providing proper training and technical safeguards is one of the most important means to enhance your company’s security profile. In BakerHostetler’s newly-released 2018 Data Security Incident Response Report, we assisted our clients … Continue Reading

When Obscurity Is Not a Defense

By Andreas Kaltsounis on February 22, 2018 Posted in Cybersecurity

Many organizations facing a data-security incident struggle to understand how or why their organization was targeted in an attack. Most simply believe they are too small or too obscure to be targeted by malicious cyber actors. Even larger, well-known businesses are lulled into complacency, mistaking years without a major security incident as evidence that their … Continue Reading

A New Tax Season, but the Same W-2 Spear Phishing Scam

By David Kitchen and David M. Brown on January 22, 2018 Posted in Phishing

According to the IRS, the IRS saw the number of businesses, public schools, universities, tribal governments and nonprofits victimized by W-2 scams increase to 200 in 2017 from 50 in 2016. Those 200 victims translated into several hundred thousand employees whose sensitive data was stolen. In some cases, the criminals requested both the W-2 information … Continue Reading

Tax Season Is in Full Swing: Beware of the W-2 Spear Phishing Scam

By Patrick H. Haggerty on January 13, 2017 Posted in Phishing

Last year we saw an unprecedented number of companies of all sizes fall victim to a W-2 spear phishing scam. The scam usually began with a “spoofing” email that appeared to have been sent by a company’s CEO or CFO to one or more employees in the human resources or payroll department. The email typically … Continue Reading

OCR Issues Alert Regarding Phishing Email Disguised as Official OCR Audit Communication

By Patrick H. Haggerty on November 29, 2016 Posted in HIPAA/HITECH, Medical Privacy

11/30/2016 Update: Today OCR issued another alert relating to the phishing email campaign and has shared that the phishing email originates from the email address OSOCRAudit@hhs-gov.us and directs individuals to a URL at http://www.hhs-gov.us. This is a subtle difference from the official email address for OCR’s HIPAA audit program, OSOCRAudit@hhs.gov. Covered entities and business associates … Continue Reading

Deeper Dive: Human Error Is to Blame for Most Breaches

By Will R. Daugherty on April 25, 2016 Posted in Cybersecurity, Incident Response, Online Privacy

Each year, as companies implement the latest security technologies, attackers develop and launch new tactics, techniques, and procedures to circumvent those technologies. While investment in security defense and detection technologies is an essential component to building an effective defense-in-depth strategy, the reality is that most breaches can be traced back to human error. In our … Continue Reading

BakerHostetler Data Security Incident Response Report Reveals Being “Compromise Ready” Better Positions Companies to Respond to Incidents

By Theodore J. Kobus III on March 30, 2016 Posted in Incident Response, News, Online Privacy

On March 30, 2016, we released our second annual Data Security Incident Response Report. Key findings show that phishing/hacking/malware was the cause of 31% of data security incidents during 2015, revealing a shift from 2014 when human error was the leading cause. The report also continues the inaugural-year theme that no industry is immune to … Continue Reading

Hi-Tech & Low-Tech Social Engineering Used for Corporate Bank Account Takeovers

By Craig A. Hoffman on March 13, 2012 Posted in Identity Theft, Information Security

Hi-Tech Corporate bank accounts continue to be targeted by criminals who use various forms of malware to gain access to the account and then wire money out of the account. One variation of these cyberattacks occurs in the form of a virus that captures corporate online banking credentials combined with a DDoS attack against the … Continue Reading