Challenges
Phishing attacks continue to be a profitable and successful attack vector when targeting PHI or delivering ransomware to hospitals and health systems, with potentially millions of records left compromised. Hospitals are already struggling with resource constraints, shrinking budgets, and maintaining compliance with ever-changing regulatory requirements. Relying on email as a primary form of communication is crucial to ensuring the delivery of care to patients and maintaining operations. With over a million patients yearly, this dependency on email correspondence made the Hospital increasingly vulnerable to phishing attacks. If an employee fell prey to a phishing email, it could result in financial losses, data breaches, potential HIPAA violations, and damage to the hospital’s reputation. The hospital’s team was drowning in the sheer number of emails requiring investigations, and the daunting aftermath of a single successful email attack weighed heavily on the small security team. Hired initially to focus on high-priority security projects, these employees were redirected due to the overwhelming volume of potentially harmful emails that demanded attention, dedicating more than 60% of their time to investigating and responding to suspicious emails between Splunk alerts and user submissions. To reduce the risk of successful phishing attacks and protect patients’ PHI and PII, the security team needed to either offload these tasking investigations or find the resources to effectively respond to user-submitted emails and emails flagged by their SIEM.
Solution
The Hospital partnered with Binary Defense as a trusted advisor to develop a tailored strategy for addressing their specific phishing response requirements. This collaboration allows the security team to reclaim valuable time, enabling them to refocus on critical initiatives and reduce the mean time to respond (MTTR) for malicious emails reaching their employees. The security team no longer has to conduct tedious, manual investigations but leverages the Binary Defense phishing analysts to conduct full-scope email investigations of user-submitted emails and phishing alerts generated by their SIEM. During the investigation, the Binary Defense phishing analyst conducts proactive analysis leveraging intelligence correlation and hunting to identify indications of additional successful phishing attacks present in the hospital’s environment. Following an investigation, the phishing analyst provides tactical and strategic recommendations to fortify the email attack surface of the Hospital and enhance its defensive capabilities. By fine-tuning detections and offering remediation recommendations, Binary Defense’s skilled phishing analyst significantly minimizes risks for the Hospital, ensuring their team’s peace of mind.
Results
Over the course of 5 months, Binary Defense’s phishing analyst investigated 1,963 suspicious emails caught by the SIEM and user submissions. Out of 1,963 cases, the phishing analyst escalated 40, with only one requiring action from the Hospital’s security team. As a result, the security team has saved over 95 hours per month since teaming up with Binary Defense. Beyond the quantifiable measures of escalated and investigated emails, the partnership with Binary Defense has brought forth a qualitative shift in the hospital’s phishing response approach. Binary Defense’s phishing analysts were able to customize the service to the Hospital’s processes and procedures. This led to the hospital’s security team fully embracing the suggested remediation recommendations, instituting new procedures, and strengthening its detection capabilities. To enhance its security measures, the Hospital leveraged both Binary Defense’s Phishing Response Service and Managed Detection & Response Services, adding extra layers of defense. This approach ensures the hospital remains proactive in protecting patient data and maintaining trust in its services.