Data Breach , Incident & Breach Response , Video

Fighting the Surge in Phishing Attacks

Cooper University Health Care's Phil Curran on Engaging Employees in the Battle

To help combat a surge in phishing attacks that spread malware, Cooper University Health Care has set up a system for employees to play an active role in the battle, says Phil Curran, CISO and chief privacy officer.

See Also: The Application Security Team's Framework For Upgrading Legacy Applications

When an employee spots a suspicious email, the worker sends an alerting email to the organization's IT team - or even directly to Curran - enabling IT staff to quickly "begin the process of blocking the email and removing it from our [Microsoft] Exchange system," he says.

Attempted attacks directly targeting the senior leadership team are also increasing at the Camden, N.J.-based health system, which operates an academic medical center, a cancer center, a children's hospital, three urgent care centers and more than 100 outpatient offices throughout South Jersey and Pennsylvania, he notes.

When it comes to these business email compromise schemes, "we've instituted manual process for verification," Curran says in a video interview at Information Security Media Group's recent Healthcare Security Summit in New York.

"For example, if someone in finance receives an email purportedly from the CEO asking to send money, they will need to get verbal permission from the chief financial officer before that transaction [is approved]," he notes.

In the interview, Curran also discusses:

  • The types of ransomware and other malware attacks his organization has been battling this year;
  • Why incident response planning is critical;
  • Healthcare sector cybersecurity predictions for 2017.

Curran is chief information assurance and privacy officer at Cooper University Health Care. He has more than 20 years of experience in information security and privacy in the military, government and private sectors. In his current role, he's responsible for managing governance and regulatory compliance; risk assessment and management; threat intelligence and vulnerability assessment; privacy and security investigations; business continuity; and awareness and training.


About the Author

Marianne Kolbasuk McGee

Marianne Kolbasuk McGee

Executive Editor, HealthcareInfoSecurity

McGee is executive editor of Information Security Media Group's HealthcareInfoSecurity.com media site. She has about 30 years of IT journalism experience, with a focus on healthcare information technology issues for more than 15 years. Before joining ISMG in 2012, she was a reporter at InformationWeek magazine and news site, and played a lead role in the launch of InformationWeek's healthcare IT media site.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing healthcareinfosecurity.com, you agree to our use of cookies.