Aspire Health’s email system was hacked earlier this month, exposing email addresses and other data. But it could have been prevented, says Matthew Gardiner, cybersecurity strategist for email security firm Mimecast.
“This attack on Aspire Health is a type of email phishing attack that happens all too often,” he says. “While the ultimate goal of the attacker can vary, the technique of using spear-phishing to lure an unsuspecting person to a fraudulent log-in page to then steal their email login credentials and data that flows through that account, happens regularly.
According to media reports, the attacker accessed Aspire Health’s internal email system, and forwarded 124 emails to an external email account, according to USA Today.
Gardiner adds that there are “many solid defenses against this technique, including the use of multi-factor authentication, anti-phishing and email monitoring services, as well as focused user awareness training. Coupled together, these security controls can significantly reduce the risk of these types of attacks being successful.”