2 min read

What is a Trojan and how can you protect your healthcare business?

Kapua Iao October 26, 2020

Healthcare cybersecurity news

Developer working at laptop with code displayed and white horse sculpture on desk

White trojan horse figurine on laptop keyboard next to monitor displaying code

A Trojan is a type of malware that uses deception to trick unsuspecting users into downloading malicious computer programs or attachments. And unfortunately, the use (and strength) of such vicious programs has only increased over the past few years. RELATED: HIPAA Data Breaches Also Surge During the Age of Coronavirus Let’s explore the problems caused by malware and Trojans, and how covered entities (CEs) need strong cybersecurity to safeguard patients’ protected health information (PHI).

Malware and phishing attacks

Malware (or malicious software) is a general term for intrusive software that exploits or infects a system. It can come in many forms, ranging from viruses, adware, spyware, ransomware, and of course Trojans. RELATED: The Costs of Ransomware Attacks Malware is typically relayed to victims through phishing emails, sent en masse or to targeted individuals through spear phishing. Threat actors sometimes use social engineering to convince someone to download or load software, programs, or apps, thereby executing the malware. In fact, phishing remains the most common way that malware infects a system because of what is known as the human factor (i.e., human error). Verizon’s 2020 Data Breach Investigations Report lists phishing as an alarming problem for all organizations. Unfortunately, Americans lost $57 million to phishing attacks last year; this number seems to be increasing for 2020.

Types of Trojans

A Trojan often shows up in a phishing email disguised as legitimate software. And once in, a Trojan lets cyberattackers spy, steal, and gain access to data (i.e. PHI). Trojans and viruses are generally treated as interchangeable but are not the same thing. A virus is malware that attaches itself to an email to infiltrate and infect a computer. And while a virus can spread, a Trojan is unable to self-replicate. IT specialists classify Trojans based on the type of actions they perform when executed:

Backdoor
Exploit
Rootkit
Trojan-Banker
Trojan-DDoS (Denial of Service)
Trojan-Downloader
Trojan-Spy
Trojan-Mailfinder

The list goes on. Generally, Trojans are simple to create and easily spread through trickery; a single Trojan can fit into more than one category. The well-known, damaging Trojan Emotet, first reported in 2014, is both a downloader and a banking Trojan. It started in the banking industry and currently has its sight set on pharmaceutical businesses.

Email cybersecurity needs

It is important for CEs, when creating a robust cybersecurity program, to identify possible security risks or face a HIPAA violation. And as email is the most utilized threat vector, organizations should focus part of their cybersecurity plan on employee awareness training along with strong email security (i.e. HIPAA compliant email). Training must be continuous, up-to-date, and constantly tested. New cyber problems emerge daily, which is why employees need to be able to recognize and block malicious emails. And email security must include measures that further protect against harmful inbound email. Paubox Email Suite Plus includes two key features that mitigate such email risks: inbound security that block phishing emails and ExecProtect that protects against display name spoofing. Phishing attacks and the malware they transmit, such as Trojans, are an unfortunate risk of the digital world. But with the correct tools, electronic communications can be utilized safely, including by CEs within the healthcare industry.

Try Paubox Email Suite Plus for FREE today.

Start for free