All Data Fast News is © Data Fast Solutions, unless where otherwise indicated • All Rights Reserved

Data Fast News


Keep up to date with Data Fast Solutions for your business.

Phishing Attacks in Healthcare

Phishing Scam NoticePhishing, the attempt to fraudulently gather personal and financial data, is an ongoing threat to hospitals and other health care facilities. One of the most recent cases of phishing, as reported by the HIPAA Journal in June of this year, was Verity Health Systems in Oregon. The phishing email was not in relation to patient data, but was requesting information on Verity employees themselves. The email appeared to come from within the company, so the unsuspecting receiver of the email complied with the request, sending employee names, addresses, social security numbers, and even the earnings and withholdings of Verity employees to the attacker.

Some feel certain that they would not become victim to such an attack, but phishing has become much more sophisticated with the IRS, and other organizations, issuing warnings to the public to stay alert. The HIPAA Journal article states that compromises via business email have been highly effective due to the fraudulent emails appearing to come from a CEO or other executive.

Hooked UnsecureMicrosoft provides some ways to recognize phishing which may include emails that contain:

  • Bad spelling and grammar - Cyber attackers are generally not good spellers and their grammar is often bad.

  • Links in an email - If a link in an email seems suspicious, do not click on it. Microsoft advises to rest your mouse over the link, but DO NOT click on it to see if the address that was typed for the link matches what is displayed.

  • Threats - Phishing emails often contain threats of account closures or other urgent sounding verbiage stating that their request for information must be completed or consequences will follow.

But how would this have helped the Verity employees? Many people are already aware of certain ways to recognize phishing, so attackers are constantly attempting new ways to phish, as was seen in the Verity case. Therefore, thorough training and continued communication are key. In fact, prior to the Verity Health Systems attack, two other large healthcare companies, Magnolia Health Corporation of California and St. Joseph’s Healthcare in New Jersey had almost identical scams which resulted in data breaches in February of this year.

Training employees on the ways in which new attacks are occurring and then following up with employees on recent reported cases can help thwart future attacks. When cyber attackers see that their fraudulent efforts are working, they tend to continue in the same manner. If the Verity employees had been aware of the attacks on Magnolia and St. Joseph’s earlier in the year, they may have questioned the validity of the email they received.

Staying informed is one of the best defenses against phishing. Data Fast Solutions is your best I.T. partner to make sure that you stay informed about phishing and other cyber attacks. Data Fast Solutions has seasoned, skilled, professionals who are highly knowledgeable in cyber security as it relates to HIPAA and keeping your health care organization safe from cyber attacks.

This article is ©2016 Data Fast Solutions • All Rights Reserved

Comments are closed.