Popular Social Engineering Cyberattacks and How to Prevent Them

by Brian Bobo, Chief Digital Officer at Greenway Health 12/14/2022


Did you know, in the first half of 2022, there were 817 cases of data compromises in the United States, and over 53 million individuals were affected?

A multinational hospitality group faced an attack that caused their IT system to shut down for 2 consecutive days. After tricking an employee into downloading a malicious piece of software through an email attachment, this hotel chain’s attackers obtained extremely sensitive information that included the password to their internal password vault, QWERTY1234 to be exact. The attackers then began irreversibly destroying the hotel chain’s data, documents, and files.

After persistent login attempts against a ride share company employee’s account, an attacker manipulated an external employee into accepting a two-factor login approval request. The attacker was then able to register their own device for multi-factor authentication (MFA), successfully log in, obtain access to several employee accounts, send messages through the company’s Slack channels, and reconfigure the OpenDNS to display a graphic image on internal websites.

The situations mentioned, both occurring in September 2022, demonstrate effective social engineering. Social engineering is the use of social methods to manipulate individuals into divulging personal or confidential information which can then be used for fraudulent purposes. While these methods are not new, the strength of these continually evolving attacks is alarming and should be noted as it is a favorite among cybercriminals.

Current Social Engineering Tactics

Phishing

More than 90% of successful cyberattacks begin as phishing emails. One of the most common threats to date, phishing, consists of attackers sending malicious messages to gain personal, sensitive information. Hoping to obtain financial knowledge, sensitive materials, and system credentials, these inexpensive messages mimic genuine businesses and result in high-target profits based on the valuable data obtained.

Utilizing fear and urgency tactics, an attacker’s overarching goal is for users to miss warning signs and trust an email they might otherwise report. Emails sent will mention a restricted account, password change, or unrecognized login to name a few. For businesses, common tactics may include fake invoices that trick payroll into sending money or opening a damaging website.

MFA Fatigue

A strategy rising in popularity among hackers, MFA Fatigue occurs when an attacker runs a script that repeatedly attempts to log in with stolen credentials, resulting in an endless stream of MFA push notifications. Attackers will also send emails impersonating IT support, hoping to make the notifications look legitimate. The end goal is to overwhelm the target by creating a sense of “fatigue” so that the user approves the MFA request just to get the notifications to stop. Alternatively, users who already receive multiple MFA requests a day become used to simply approving them so they can work. If the MFA request is approved, the attacker can successfully log in.
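A defender's view of the pattern described above, as an added example that is not part of the original article: a sliding-window check over push-authentication logs that flags bursts of prompts and any approval that ends one. The log format, event names, window and threshold are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log: "<UTC timestamp> <user> <event>" (format is an assumption).
SAMPLE_LOG = """\
2022-09-15T01:00:05Z alice push_sent
2022-09-15T01:01:10Z alice push_sent
2022-09-15T01:01:50Z alice push_sent
2022-09-15T01:02:30Z alice push_sent
2022-09-15T01:03:05Z alice push_sent
2022-09-15T01:03:40Z alice push_sent
2022-09-15T01:03:55Z alice push_approved
2022-09-15T02:10:00Z carol push_sent
2022-09-15T02:11:00Z carol push_sent
2022-09-15T02:12:00Z carol push_sent
2022-09-15T02:13:00Z carol push_sent
2022-09-15T02:14:00Z carol push_sent
2022-09-15T02:14:20Z carol push_denied
2022-09-15T09:00:00Z bob push_sent
2022-09-15T09:00:10Z bob push_approved
"""

def parse(log):
    """Yield (timestamp, user, event) tuples from the log text."""
    for line in log.strip().splitlines():
        ts, user, event = line.split()
        yield datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), user, event

def detect_push_bursts(events, window=timedelta(minutes=10), threshold=5):
    """Return {user: finding} for users prompted >= threshold times within window."""
    recent = defaultdict(deque)   # per-user timestamps of prompts still inside the window
    findings = {}
    for ts, user, event in sorted(events):
        q = recent[user]
        while q and ts - q[0] > window:   # expire prompts older than the window
            q.popleft()
        if event == "push_sent":
            q.append(ts)
            if len(q) >= threshold:
                f = findings.setdefault(user, {"max_prompts": 0, "approved_after_burst": False})
                f["max_prompts"] = max(f["max_prompts"], len(q))
        elif event == "push_approved" and len(q) >= threshold:
            # An approval that ends a burst is the high-priority case for review.
            findings[user]["approved_after_burst"] = True
    return findings

if __name__ == "__main__":
    for user, f in detect_push_bursts(parse(SAMPLE_LOG)).items():
        print(user, f)
```

A burst that ends in an approval (alice in the sample) warrants session revocation and a credential reset; a burst with only denials (carol) still indicates that the password is already in an attacker's hands.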

Pretexting

A manipulative technique that tricks victims into disclosing sensitive information, pretexting involves a fictional situation, developed by an attacker, that results in stolen personal data. During these attacks, hackers will ask targets for specific information, assuring that it is needed to confirm their identity. These attackers may present themselves as IT, HR, or C-level executives hoping to validate and obtain your personal information to carry out secondary attacks.

It is important to note that phishing is a tool, whereas pretexting is an attack method. Phishing requires victims to download dangerous attachments or visit dangerous websites by utilizing fear. Pretexting, on the other hand, builds a false sense of trust with the target, strengthening a believable story to avoid detection.

Protect Yourself with Proper Passwords

A strong password is your first line of defense against cyberattacks. Protect yourself with these simple and effective best practices:

– Change your password regularly, at least once a quarter.

– Do not use the same password for multiple accounts.

– Utilize unique passwords that are difficult to guess and lengthy. Strong passwords must be at least 12 characters and utilize a combination of letters, numbers, and symbols – try creating a sentence.

– Do not store passwords in unsecured locations like an Excel file on your desktop or Post-it notes on your desk.

– Use multi-factor authentication. This method requires users to provide two or more verification factors to gain access to a resource.

– Consider a password manager. These software applications utilize highly advanced encryption and security designed to store and manage your online passwords.


About Brian Bobo

As Chief Digital Officer at Greenway Health, Brian is responsible for Greenway’s IT organization, overseeing the cloud-based environments of thousands of clients. Passionate about building teams and fostering collaboration, he is skilled at creating long-term cyber strategies. Brian holds a Bachelor of Science from the U.S. Military Academy at West Point and an MBA from the University of Florida, and he serves on the advisory boards of the University of South Florida’s Cybersecurity for Executives program.

Copyright © 2025. HIT Consultant Media. All Rights Reserved.