Healthcare phishing attacks are a growing concern: 88% of data breaches in 2019 were the result of hacking incidents. A phishing email attack is one in which unauthorized access to an organization’s network is gained by targeting employees’ email accounts. Hackers disguise themselves as a trusted individual and send a malicious link, usually through email, that gives them access to the employees’ email accounts. They may send the link to several employees within an organization, or target one individual. Hackers then have access to any information held within the compromised email account(s), including contacts and any email attachments.
The healthcare industry is the most targeted industry for these types of attacks due to the sensitive nature of its work. Protected health information (PHI) is worth ten times more than financial information on the black market. PHI is any individually identifiable health information, such as name, date of birth, treatment information, Social Security number, etc. The ability to detect a phishing email can save an organization from the reputational damage of a data breach.
How to Recognize Phishing Emails
Phishing emails can be difficult to detect as hackers disguise themselves as trusted entities. Hackers intentionally attempt to trick recipients into clicking links that allow access to an organization’s network.
Below are some indications of malicious emails:
1. The email asks for personal information
Legitimate companies will not send emails that ask for passwords, credit card information, credit scores, or Social Security numbers. If an email asks for any of this information, it is not an email from a legitimate organization.
2. The email uses a generic greeting
Emails from legitimate organizations will address recipients by name. Many hackers use generic greetings such as “Dear valued customer” or they use no greeting at all.
3. Sender’s email address doesn’t look genuine
When receiving an email from an unknown entity, it is always a good idea to check the sender’s email address. Legitimate companies send from their own domain; hackers may make a few changes to the spelling or add numbers so that the address looks like it is coming from a trusted organization. Email addresses can be checked by hovering over the “from” address and carefully checking the spelling.
4. It’s poorly written
Poor writing is a good indication that an email is not from a trusted organization. Emails containing spelling or grammar mistakes are likely phishing attempts.
5. It’s trying to force you to their website
Some phishing emails are designed so that anywhere a recipient clicks will direct them to a malicious website. Legitimate companies will not force you to go to their website; if an email contains nothing but a “click here” button, or something similar, with no other text, it is a malicious email.
6. It contains an unsolicited attachment
Receiving an unsolicited email with an attachment is likely a phishing attempt. Legitimate businesses will generally only send attachments when requested. Attachments ending in .exe, .scr, and .zip are considered high-risk attachments.
7. Links don’t match where they claim to lead
Before clicking on any links, recipients should hover over the link to ensure that the link will take them where it says it will. If the link differs from the text, or doesn’t match the context of the email, it is a phishing attempt.
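Several of the indicators above (the generic greeting, the lookalike sender domain, the high-risk attachment, and link text that disagrees with its real destination) can be checked mechanically before a message ever reaches a mailbox. The following is an added example, not code from the original article or from Compliancy Group: it parses a raw email with Python’s standard library and reports which of those indicators it finds. The trusted domain list, the greeting phrases and both sample messages are constructed assumptions for the demonstration.

```python
"""Flag common phishing indicators in a raw email message (added example)."""
import email
import email.utils
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from typing import Optional
from urllib.parse import urlparse

# Assumed allow-list of domains the organization legitimately corresponds with.
TRUSTED_DOMAINS = {"example-health.org", "bank.example.com"}
HIGH_RISK_EXTENSIONS = {".exe", ".scr", ".zip"}   # from indicator 6
GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot domains that differ by a character or two."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_domain(sender_domain: str) -> Optional[str]:
    """Return the trusted domain the sender domain imitates, or None."""
    if sender_domain in TRUSTED_DOMAINS:
        return None
    # Undo common digit-for-letter swaps (0 for o, 1 for l) before comparing.
    normalised = sender_domain.translate(str.maketrans("01", "ol"))
    for trusted in TRUSTED_DOMAINS:
        if normalised == trusted or levenshtein(sender_domain, trusted) <= 2:
            return trusted
    return None


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs from the anchors in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url_or_text: str) -> Optional[str]:
    """Host of a URL, or of link text that itself looks like a URL; else None."""
    candidate = url_or_text if "://" in url_or_text else "http://" + url_or_text
    host = urlparse(candidate).hostname
    return host.lower() if host and "." in host else None


def phishing_indicators(raw_message: str) -> list:
    """Return human-readable findings for the indicators detected in the message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    # Indicator 3: the sender's domain imitates a trusted one.
    _, addr = email.utils.parseaddr(msg.get("From", ""))
    sender_domain = addr.rpartition("@")[2].lower()
    imitated = lookalike_domain(sender_domain)
    if imitated:
        findings.append(f"lookalike sender domain {sender_domain} (resembles {imitated})")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""

    # Indicator 2: generic greeting instead of the recipient's name.
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        findings.append("generic greeting")

    # Indicator 7: the link's visible text names a different host than its href.
    collector = _LinkCollector()
    collector.feed(text)
    for shown, href in collector.links:
        shown_host, real_host = _host(shown), _host(href)
        if shown_host and real_host and shown_host != real_host:
            findings.append(f"link text {shown_host} but href goes to {real_host}")

    # Indicator 6: attachment with a high-risk extension.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in HIGH_RISK_EXTENSIONS):
            findings.append(f"high-risk attachment {name}")
    return findings


def _build_sample(sender: str, html: str, attachment_name: Optional[str] = None) -> str:
    """Construct a sample message (synthetic data for the demonstration only)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@example-health.org", "Account notice"
    m.set_content("Please view this message in an HTML-capable client.")
    m.add_alternative(html, subtype="html")
    if attachment_name:
        m.add_attachment(b"\x00", maintype="application", subtype="octet-stream",
                         filename=attachment_name)
    return m.as_string()


# Constructed samples: one message showing four indicators, one legitimate message.
PHISHING_SAMPLE = _build_sample(
    "Support <alerts@bank.examp1e.com>",
    '<p>Dear valued customer,</p>'
    '<a href="http://login.example.net/x">https://bank.example.com/login</a>',
    "statement.zip",
)
BENIGN_SAMPLE = _build_sample(
    "Records <records@example-health.org>",
    '<p>Hi Dana,</p><a href="https://example-health.org/portal">https://example-health.org/portal</a>',
)

if __name__ == "__main__":
    for label, sample in (("phishing", PHISHING_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(label, phishing_indicators(sample))
```

Run as a script, it lists the four findings for the constructed phishing message and nothing for the benign one. The link check only fires when the visible text is itself a URL or domain, so a “click here” anchor is not flagged by it; that case is indicator 5 and is better judged by a human reading the message, which is why the checks are meant to prioritise review rather than replace it.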
Phishing email attacks can be difficult to recognize. Whenever an unsolicited email arrives, it is important to confirm its validity before clicking any links or opening attachments. When unsure whether an email is a phishing attempt, recipients should contact the company directly through the contact information found on the company’s website. Any contact information found within the email itself should be considered suspect.
Do You Need Help Addressing Cybersecurity?
Compliancy Group gives healthcare providers and vendors working in healthcare the tools to confidently address their HIPAA compliance in a simplified manner. Our cloud-based HIPAA compliance software, The Guard™, gives healthcare professionals everything they need to demonstrate their “good faith effort” towards HIPAA compliance.
To address HIPAA cybersecurity requirements, Compliancy Group works with IT and Managed Service Provider (MSP) security partners from across the country, who can be contracted to handle your HIPAA cybersecurity protection.
Find out more about how Compliancy Group helps you simplify compliance and cybersecurity today!