Baystate Health phished thanks to proofpoint schmuckware

The story says it all (read the screed here). 12,000 patients compromised in phishing attack, thanks to proofpoint DMARC setting of "p=none" schmuckware. It's hard to go a week without another proofpoint muckup. Is it any wonder that hackers deliberately target hospitals (read The Telegraph story here)? Most hospital and university CISOs are not the brightest bulbs on the tree. And phishing attacks generally go to harassed and overworked "weak link" employees.

How on The Late Great Planet Earth does proofpoint manage to stay in business?
Maybe Senator Warren's idea to criminalize corporate schmucks isn't such a bad idea.


Popular Posts