GW is investing in technical controls, outreach and education to prevent cyberattacks, the head of the Division of Information Technology said this week.
David Steinour, chief information officer of GW’s IT division, said the University’s security program is working to reduce the risks associated with malware and other cybersecurity threats. He said hackers have tried to hack into GW’s information technology systems – in line with a global trend of cybersecurity threats.
“We’re making investments in each of these areas and again, while no security program will ever yield perfection, this will give us a good chance of reducing our exposure to these types of attacks,” Steinour said in an email.
The division of IT sent out an alert earlier this month to GW staff, faculty and students that they had received reports of phishing scams targeting hospitals and health systems through fraudulent emails to hospital employees.
The notice came a day after MedStar, one of the D.C.’s biggest hospitals, was hacked. MedStar employees encountered a ransomware attack that shut down their computer systems when a pop-up message demanded payment in exchange for a digital key that would unlock data, according to several reports.
Phishing is the attempt to acquire information like passwords by disguising messages, often in emails.
Steinour said his office receives reports of 15 to 20 confirmed phishing messages a month. He said officials in IT have not noticed an increase in reports but they do see increases when news about phishing attempts are in the news.
Georgetown University confirmed that it was hit with a cyberattack last week, but officials said hackers were not able to access university data.
Steinour said the IT division uses a number of tactics to manage the risks of phishing, including educating people about the threats associated with phishing.
“We show people real examples of phishing messages and how to detect and report a message that may not be legitimate,” Steinor said. “On the technical side, we have spam filters in place that can filter out mail that meets the criteria of an untrustworthy message.”
Josh Pauli, a professor of security at Dakota State University, said while protection on devices has increased, so has the sophistication of the attacks.
“The quantity and the quality of the phishing attacks have increased,” Pauli said. “Now it is very specific if they can find something out about GW or about a specific faculty member and craft an email.”
Pauli said criminals attack hospitals often because medical records and histories can be lucrative. He also said hospital infrastructures, computers and networks are easy for hackers to get into compared to a bank or government information.
“There is some recent research that says that over 80 percent of all the data breaches and exploits are related to something the humans made,” Pauli said. “We clicked on links we shouldn’t or attachments or visit websites that infect us or exploit our machines. It is really user awareness and a user-education battle across every sector.”