Stop clicking around. Viral Threats are targeting healthcare. Again.

Believe it or not, we are three-quarters of the way through 2020. While the COVID-19 pandemic has dominated the lion’s share of attention over the last six months, there has also been a surge in cyberattacks. We tend to hear about the big ones but many of them tend to lurk in the dark. Many of these attacks have been aimed at the healthcare industry, making an already rough situation even worse for many medical and dental practices and clinics.

In May of this year, Blackbaud (a software company that provides cloud solutions to healthcare organizations) was hit by a ransomware attack that compromised the data of 657,392 donors, potential donors and patients.

The Samaritan Medical Center in New York has just got its EHR system back online after three weeks of downtime (during which they were forced to use paper records) as a result of a ransomware attack.

80% of attacks are said to start in your employees’ in-box.

A series of ongoing business email compromise (BEC) campaigns that uses spear-phishing schemes on Office 365 accounts has been seen targeting business executives of over 1,000 companies across the world since March 2020. The recent campaigns have targeted senior positions in the United States and Canada.

An alert was recently issued by Trend Micro concerning these Business Email Compromise (BEC) campaigns that they have dubbed “Water Nue.” Since these phishing attacks employ the Office 365 accounts of real people to send emails, they are very difficult to differentiate from the real deal. As a result, these campaigns have been extremely successful.

One tip for your clients: Stop Clicking Around

To avoid becoming a victim of phishing or spear-phishing campaigns, the solution has more to do with individual behavior than technology. Having an up-to-date antivirus (AV) solution is important, of course, but even the best AV can’t catch everything. The strongest weapons you have for protecting yourself are boosting your employees' cyber awareness, remaining vigilant and being suspicious.

  • Employee Education. Try to stay informed on new phishing campaigns through accredited cyber awareness programs such a the BOXX Academy, so your employees can be on the lookout when they are identified.

  • Be Vigilant. Never rush to open an email attachment or click on a link, even if at first glance it seems to come from someone you work with or know well.

  • Be Suspicious. Any email that contains links or attachments should be immediately viewed as suspicious (especially if the email is unexpected or has an urgent tone). Verify the source before clicking links or opening attachments. When in doubt, pick up the phone and call the sender to confirm.

To find out how BOXX’s Cyberboxx all-in-one cyber security, education and insurance solution can ensure your clients’ practice remains operational and keeps patient data secure, please reach out to any member of the BOXX team.

Vishal Kundi

CEO & Co-Founder


For more information, please feel free to contact the following members:

Vishal Kundi:

Michelle Diniz:

Chris Masaki:

Mike Senechal: