Phishing: Don’t Take the Bait


Because healthcare organizations hold a wealth of sensitive information, they’ve been prime targets of phishing attacks for years. In a 2018 report by Merlin International, 62% of respondents (healthcare organizations) had experienced a cyberattack in the last year, half of which resulted in lost healthcare data. Furthermore, up to 91% of cyberattacks can be traced to phishing emails.

In phishing scams, hackers masquerade as legitimate sources that you’re familiar with and trust. They trick you into handing over your credit card number, bank account number, social security number, passwords, and more. Hackers may steal your information, money, and identity, or they may infect your organization’s system with malware and put your data at risk.

Phishing attacks can target both your personal email account and your work email. Many employees read both accounts from their work computers, so a phishing email that reaches either inbox can end with malware or stolen credentials on the organization's systems. Therefore, you must learn how to recognize phishing scams and refuse to take the bait.

How Does Phishing Work?

Hackers disguise their malicious emails as harmless communication, such as marketing emails from an online retailer. They may even pretend to be your bank or a government authority, such as the IRS or FBI. Phishing emails may have links to fake websites that look similar to trusted organizations you often visit on the web. Thus, hackers lure you into visiting the malicious site and giving up login information.

Below are some of the signs of a phishing email or website:

  • A generic “hello” greeting. Mass-mailed phishing emails often don’t use your name because they aren’t personalized. The reverse isn’t a guarantee: targeted (“spear phishing”) emails do use your name, title, and coworkers’ names, so a personal greeting alone doesn’t prove a message is legitimate.
  • Asking for personal information. Most legitimate organizations won’t ask you via email to reply with or enter personal information, such as a credit card number or password.
  • A sense of urgency. Phishing emails often urge you to take immediate action (“your account will be suspended within 24 hours”), playing on fear or other emotions to make you act before you think.
  • Attachments. Phishing emails may carry infected attachments, such as executables or macro-enabled Office documents, that install malware which can encrypt, destroy, or copy the data on your computer.
  • Links. The text of a link and the address it actually points to can differ. Hover your mouse over the link (or long-press it on a mobile device) to see the real destination, and compare that domain with the one the email claims to be from.
  • Poor spelling or grammar. Hackers come at all skill levels, and many show signs of poor writing skills. However, a well-written email can still be a phish, so don’t rely on this sign alone.
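The signs in the list above can be checked mechanically. The following is an added example, not code from the original article or from any product: it parses a raw email with Python’s standard library and reports which of the listed signs it finds, including the “hover over the link” check (anchor text naming one domain while the href goes to another), a display name that claims a different domain than the sending address, a Reply-To that diverts answers elsewhere, and attachments with executable extensions. The two sample messages, the keyword lists, and the rule names are constructed for illustration.

```python
"""Heuristic triage of a raw email against the phishing signs listed above.

Added example: the sample messages, keyword lists and rule names are
constructed for illustration, not taken from any product or the article.
"""
import re
from email import message_from_string, policy
from html.parser import HTMLParser
from urllib.parse import urlparse

GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued", "hello,", "hi,")
URGENCY_TERMS = ("immediately", "within 24 hours", "suspended", "urgent", "act now")
CREDENTIAL_TERMS = ("password", "social security", "credit card", "account number")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".hta", ".lnk", ".iso", ".docm", ".xlsm")


class BodyScanner(HTMLParser):
    """Collects visible text and (href, anchor text) pairs from an HTML or plain body."""

    def __init__(self):
        super().__init__()
        self.text, self.links, self._href, self._anchor = [], [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._anchor = dict(attrs).get("href"), []

    def handle_data(self, data):
        self.text.append(data)
        if self._href is not None:
            self._anchor.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._anchor).strip()))
            self._href = None


def registered_domain(host):
    """Last two labels of a hostname (crude: fine for .com/.org, wrong for co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def domain_in_text(text):
    """Registered domain of a URL or hostname mentioned in free text, else None."""
    m = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,})", text.lower())
    return registered_domain(m.group(1)) if m else None


def analyze(raw):
    """Return [(rule, detail), ...] for the phishing signs found in a raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []

    # Sender: display name naming one domain while the address is another,
    # and a Reply-To that sends answers to a third party.
    sender = msg["From"].addresses[0] if msg["From"] and msg["From"].addresses else None
    from_domain = registered_domain(sender.domain) if sender else ""
    claimed = domain_in_text(sender.display_name) if sender else None
    if claimed and claimed != from_domain:
        findings.append(("display-name-spoof", f"{sender.display_name!r} but address is {sender.addr_spec}"))
    for reply in (msg["Reply-To"].addresses if msg["Reply-To"] else ()):
        if registered_domain(reply.domain) != from_domain:
            findings.append(("reply-to-mismatch", reply.addr_spec))

    # Body text and links: the "hover over the link" check done programmatically.
    body = msg.get_body(preferencelist=("html", "plain"))
    scanner = BodyScanner()
    scanner.feed(body.get_content() if body else "")
    text = re.sub(r"\s+", " ", "".join(scanner.text)).strip()
    scan = f"{msg['Subject'] or ''} {text}".lower()

    if text.lower().startswith(GENERIC_GREETINGS):
        findings.append(("generic-greeting", text[:30]))
    findings += [("urgency", t) for t in URGENCY_TERMS if t in scan]
    findings += [("asks-for-credentials", t) for t in CREDENTIAL_TERMS if t in scan]
    for href, anchor in scanner.links:
        host = urlparse(href).hostname or ""
        shown = domain_in_text(anchor)
        if shown and host and shown != registered_domain(host):
            findings.append(("link-text-mismatch", f"text says {shown}, goes to {host}"))

    # Attachments with executable or macro-bearing extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(("risky-attachment", name))
    return findings


# Constructed sample: a bank-themed phish with every sign from the list.
PHISH = """\
From: "Chase Online chase.com" <alerts@secure-login-mail.net>
Reply-To: replies@collect-mail.xyz
To: nurse@example-clinic.org
Subject: Action required: your account will be suspended
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<html><body><p>Dear Customer,</p>
<p>Unusual activity was detected. Confirm your password within 24 hours.</p>
<p><a href="http://secure-login-mail.net/verify">https://www.chase.com/login</a></p>
</body></html>
--b1
Content-Type: application/octet-stream; name="Statement.pdf.exe"
Content-Disposition: attachment; filename="Statement.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed sample: an ordinary internal message that should trigger nothing.
BENIGN = """\
From: "Dr. Lee" <lee@example-clinic.org>
To: maria@example-clinic.org
Subject: Staff meeting moved
Content-Type: text/plain; charset="utf-8"

Hi Maria,

The Thursday staff meeting moves to 2 pm, same room.

Thanks,
Dr. Lee
"""

if __name__ == "__main__":
    for rule, detail in analyze(PHISH):
        print(f"{rule:22} {detail}")
    print("benign findings:", analyze(BENIGN))
```

Any single finding is only a hint; the list is meant to be read together, the way a person would, and a legitimate password-reset email will trip the urgency and credential rules. The registered-domain logic deliberately stops at two labels, so a real deployment would swap in the Public Suffix List.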

How to Prevent a Phishing Attack

Although healthcare employees are falling prey to phishing attacks at an alarming rate, you don’t have to. The following precautions will help you avoid getting caught in a scam, both before and after a phishing email makes it to your inbox.

  1. Install robust spam filters that identify malicious emails and send them to spam before they reach an inbox.
  2. Adopt a URL scanner that checks the links you click against lists of known-malicious sites before the page loads.
  3. Turn on your browser’s built-in phishing and malware warnings, which flag known phishing sites.
  4. Install a security toolbar or extension that alerts you when you visit a known phishing site.
  5. Don’t open suspicious emails, links, or attachments. Instead, call the organization that supposedly sent the email, using a phone number you already have rather than one in the message, and ask whether it’s legitimate.

Touch base with your IT department to get help with protecting your email against cyberattacks. However, keep in mind that hackers are constantly refining their techniques to bypass security measures. Therefore, you must never let your guard down, even with precautions in place.


Cybersecurity Training

You are the ultimate defense against phishing attacks. People are often the ones who give hackers what they want, but they are also the ones who can recognize a phishing email and refuse to respond to it. Therefore, the more you and your team learn about phishing, the more likely you are to recognize an attack before it succeeds.

Some organizations conduct “phishing simulations,” which send harmless fake phishing emails to staff and record how many people click or enter credentials. Those who took the bait then get additional training to help them recognize the scam. Rather than punishing employees who fail the simulation, focus on teamwork and learning; staff who fear blame are less likely to report the real phishing email they clicked.

A Final Word on Phishing

With perhaps thousands of personal records at stake, healthcare organizations are the big fish that hackers try to hook. By far, email is the most common means of phishing and cyberattacks in general. Therefore, you must put technical safeguards in place to detect and prevent scam emails and train your staff on how to recognize them.

To help you and your team create a culture of security compliance, the HIPAAtrek platform sends automatic reminders to your entire team about login monitoring, password management, and malicious software. Request a demo or contact us to learn more.
