Just one phished moron brings down multiple healthcare systems; ditto IMHO for the city of Baltimore. Burning question: Who's next?
"…the hacker gained access…when an employee fell for a phishing email…"
If I were a betting man, I'd put money on there being one "Moron Zero" working for the city of Baltimore as the phishee that brought down the whole city. Either their security vendor MXToolbox bit off more than they could chew (DMARC enforcement is set to "p=none"), or just as likely, they were phished through Microsoft Office (SPF.protection.outlook.com).
Also, in my humble opioion, Baltimore is just a dry run for an entire state government. California and its major cities of Los Angeles and San Francisco are wide open to phishing attacks. But my bet is on New York State and/or New York City, neither of which have any DMARC protection. Stay tuned.
Et tu, Baltimore.
#saukprariehealthcare #tahoeforesthealthdistrict #spartacommunityhospital #idahodepartmentofhealth #spectrumhealthlakeland #mxtoolbox #microsoft #microsoftoffice #microsoftoutlook