How to Fight a Surge in Phishing

Over the last six months, the University of Vermont Medical Center has seen a spike in phishing attempts, including those "laced with malware in an attempt to steal credentials," says CISO Heather Roszkowski.

"I've really been trying to increase user awareness training around phishing to avoid those credentials from being exploited," she says. This extra vigilance in defense of phishing comes in the wake of a few large hacking attacks in the healthcare sector, including those affecting Anthem Inc. and Premera Blue Cross in recent months, and Community Health System last summer.

In its effort to combat external threats, the medical center is also implementing two-factor authentication "for anything facing the Web, because that can pretty much render phishing attacks that are designed to steal credentials useless," she says.

In an interview with Information Security Media Group at the HIMSS 2015 conference in Chicago, Roszkowski also discusses:

• How she addresses top security and privacy challenges that have evolved since last year;
• The biggest lessons the healthcare sector should learn from the recent Anthem and Premera hacking attacks;
• Ways to bolster the security of medical devices as well as consumers' wearable health devices;
• Why using "security advocates" within an organization can help in overall information security efforts.

Before joining Burlington, Vt.-based University of Vermont Medical Center as CISO, Roszkowski served for 11 years in the U.S. Army in communications and computer information security positions. That included serving as a communications platoon leader, a communications company commander, and as the First Division Information Security Officer for the 25th Infantry Division.

Additional Summit Insight:
Hear from more industry influencers, earn CPE credits, and network with leaders of technology at our global events. Learn more at our Fraud & Breach Prevention Events site.