How healthcare workers defend against email bombing attacks

Email bombing is a malicious practice in which a large volume of emails are sent to a single email address or a mail server to overwhelm the recipient's inbox or cause disruption to the email service. Healthcare professionals can take steps to protect against email bombing attacks.

Dangers of email bombing

Email bombing hides important account activity notifications from victims. Inbox spamming distracts from the actual harm occurring in the background. 

Hackers buy pricey items, make fraudulent bank transactions, and threaten to take email accounts from domain owners.

See also: What is ransomware and how to protect against it

How to guard against email bombing

To protect against email bombing and ensure HIPAA compliance: 

• Use spam filters: Enable robust spam and filtering systems on your email servers and clients. These filters can automatically detect and move suspicious emails to the spam folder, reducing the risk of email bombing.
• Regularly update security software: Keep your email security software and tools up-to-date.
• Educate staff: Conduct regular training sessions to raise awareness about email security, recognizing phishing attempts, unusual email patterns, and the importance of not clicking suspicious links or downloading attachments from unknown sources.
• Implement rate limiting: Limit the number of emails received from a single source within a specific timeframe. This secures your inbox from attackers trying to overwhelm it.
• Monitor email traffic: An unusual surge in incoming emails could signify an email bombing attempt. Early detection is essential for minimizing damage.
• Report suspicious activity: Encourage staff to report any suspicious emails or unusual email patterns to the IT department. Prompt reporting can help your organization respond quickly to potential threats.
• Use strong, unique passwords: Ensure email account passwords are strong, complex, and unique. Avoid using easily guessable information like birthdays or common words.
• Enable Two-factor authentication (2FA): 2FA adds an extra layer of security, requiring a secondary verification method to access your account.
• Create an incident response plan: Develop an incident response plan for email bombing incidents, outlining steps to take if an attack occurs, including communication, mitigation, and recovery procedures.
• Regularly backup emails: Regularly back up email data to ensure access to essential communications in case of email service downtime.
• Review email usage policies: Review and update your organization's email usage policies and ensure all employees follow these policies, including guidelines for safe email practices.
• Encrypt sensitive data: Encrypt sensitive data when sending it via email to ensure it remains secure and unreadable to unauthorized parties.

Go deeper: HIPAA Compliant Email: The Definitive Guide  

What to do during an email bombing attack

1. Alert the IT team: Immediately inform the IT team about the attack. 
2. Verify the attack: Check for unusual patterns of incoming emails, such as a sudden and massive influx of messages from various sources.
3. Isolate the affected account: Isolate the email account or server being targeted. If possible, restrict access to the account temporarily to prevent further damage.
4. Activate incident response plan: If your organization has an incident response plan, activate it. This plan should outline specific steps during a security incident, including communication, mitigation, and recovery procedures.
5. Alert staff and users: Inform staff and users about the email bombing attack. Advise them not to click on any suspicious links or download attachments from unknown sources.
6. Change passwords and enable 2FA: Change the passwords for the affected email accounts and enable 2FA to enhance security.
7. Contact your email service provider: If using a third-party email service provider, contact them to report the attack and request their assistance in mitigating the situation.
8. Assess damage and impact: Evaluate the damage and the potential impact of the attack on your organization.
9. Monitor and document: Continuously monitor the situation and document details about the attack. This information can be valuable for legal and regulatory purposes.
10. Report to authorities: Depending on the severity of the attack and the potential data breaches, you may need to report the incident to relevant authorities or regulatory bodies, especially if patient data is compromised.
11. Enhance security measures: Review your organization's email security measures and update them to prevent future attacks. Consider conducting a security audit to identify vulnerabilities and address them.
12. Communicate with affected parties: If patient data or sensitive information is at risk, consider notifying affected parties about the attack, following legal and regulatory requirements.
13. Legal action: Depending on the extent and impact of the attack, you may consider taking legal action against the attackers if their identity can be determined.

Go deeper: How to survive an email bomb attack