As cyber attacks become more sophisticated, companies struggle to stay ahead of the game and protect their resources from dangerous hackers and online attacks. A recent example is France’s Health Insurance scandal, in which a leading insurance body fell victim to a severe data hack, exposing over 500,000 patients’ sensitive information.
What may seem like inevitable cyberattacks can actually be prevented by the implementation of proper security tools across your organization’s networks.
On March 17 2022, 19 staff accounts belonging to the French National Health Insurance portal, “Amelipro”, had been hacked after staff email addresses had been compromised. The hack resulted in approximately 510,000 patients’ data stolen, including names, birthdates, social security numbers and other personal information.
The hackers managed to obtain such sensitive identity information by first compromising healthcare staff’s email accounts, presumably by a spear-phishing attack. Spear-phishing is a type of social engineering attack where attackers exploit human error in order to perform malicious actions or divulge confidential information. In such attacks, hackers directly target a specific organization with tailored phishing communications, such as emails or URLs that look like familiar sites, aimed at deceiving employees. Workers are then misled to provide their personal credentials, as they believe they are entering a private work portal or answering an email from a fellow employee.
What seems to be the most shocking aspect of this case is that the hackers didn’t even need to bypass Amelipro’s security in order to infiltrate their system. By first stealing employees’ account passwords with spear-phishing, the hackers were able to access the private insurance portal and get their hands on sensitive information simply by logging into the portal with stolen credentials.
Once the cybercriminals gained access to the portal, they presumably used methods such as crawling and scraping in order to obtain patient data. Crawling is a process in which hackers scan websites, moving from page to page and mapping out their URL metadata. With scraping, the hackers then copied and extracted the information, getting their hands on thousands of pieces of private data in a matter of hours.
In order to keep your organization secure from attacks like the French Health Insurance breach, there are several best practices to implement across your network.
Phishing attacks are some of the most common cyber attacks suffered by organizations worldwide. User training and company awareness are essential first steps to ensure your workers know the signs to look out for when opening suspicious emails and links.
Integrating Web Filtering as part of your Secure Web Gateway is critical for online safety as web filtering rules block malicious sites and can stop a phishing attack right at its source.
Common online vulnerabilities are often caused by poor user identification and authentication. Without proper multi-factor authentication (MFA), hackers’ access to private portals requires only the user’s email and password without any verification, making it much easier to hack sites.
With MFA, combining user IDs and passwords alongside other identification methods can dramatically decrease the likelihood of compromising users’ accounts.
The Zero Trust “trust no one, always verify” approach, is an increasingly popular solution to protect organizations from cyber attacks. With Zero Trust, user access is segmented so that each employee is granted access only to the resources essential for their work and not to the network at large. This significantly reduces the attack surface and makes it much harder for hackers to access sensitive data.
Perimeter 81’s comprehensive collection of security tools makes it easy to stay on top of your network security. Advanced features such as Zero Trust Application Access (ZTAA) and Secure Web Gateway (SWG) provide the ultimate solution for today’s dynamic threat landscape and ensure your organization is protected from online dangers.
By implementing best practices such as multi-factor authentication and web filtering rules, you can ensure your organization is protected by reducing the chances of potential data breaches.