Menu Close

Security Update September 2022

For more tips and how-to's, visit our tech blog

Optus Breach

You may have seen in the news that Optus were the victims of a serious data breach over the last few days. This continues a trend of personal information being stolen and we expect to see this data, alongside data from previous leaks, used to escalate future attacks on both businesses and individuals.  

This means it is even more important to practice good security practices, including: 

  • Be suspicious – if something seems off, trust your instincts, and take the time to double check.
  • Don’t trust people on the phone.

Make it a priority to review your personal and business security, e.g., do you have 2FA on everything that is valuable?

Multi Factor Authentication Fatigue

We sent out a newsletter earlier this year on Multi Factor Authentication (MFA) Bombing, where attackers will send MFA requests constantly until you give in and approve them. Since then, we have continued to see this practice used to bypass MFA security, including in attacks specifically targeting medical practices.

So as a reminder, if you are getting prompts for MFA and you are not certain that you should be, or you are getting a large volume of them, please do not click approve! Take the time to stop and check, and if in doubt, please pick up the phone and confirm with us. 

Impersonation

You know us, and trust us, and this is a risk that a clever attacker can exploit. We have seen reports of attacks on other IT providers’ customers by impersonating technicians to gain access to those customers.

If you receive a call claiming to be from Health IT and you’re not certain or something feels wrong, it is better to be safe than sorry. Hang up the phone and call us back on our main number (07) 3839 4321.

As always, we are here to help – if you ever have a concern please don’t hesitate to reach out.

Health IT offers virtual security training that can help you get better at spotting and avoiding scams. Training is all online and can be done at anytime.
To get your staff enrolled in our security training program, get in touch today.

Get in touch