HIPAA Security Training: How to Recognize Phishing Attempts
A key factor in preventing hacking incidents is the ability to recognize phishing attempts. Phishing incidents have become the most common cause behind healthcare breaches, especially with pandemic scams on the rise. HIPAA security training is the best defense against these types of attacks.
Employees that receive proper HIPAA security training are less likely to fall victim to phishing attacks, and are more likely to report a potential phishing scam, preventing the phishing attempts from circulating throughout your organization.
There are several key indicators that an email may be a phishing scam.
The email asks for personal information.
Legitimate organizations will never send an email that asks for passwords, credit card information, credit scores, or Social Security numbers.
The email uses a generic greeting.
Emails from legitimate organizations will address recipients by name. Many hackers use generic greetings such as “Dear valued customer” or they use no greeting at all.
Sender’s email address doesn’t look genuine.
When receiving an email from an unknown entity, it is always a good idea to check their email address. Legitimate companies will have domain emails, hackers may make a few changes to spelling or add numbers to make it look like the email is coming from a trusted organization. Email addresses can be checked by hovering over the “from” address, and carefully checking the spelling.
It’s poorly written.
A good indication that an email is not from a trusted organization is if the email is poorly written. Emails containing spelling or grammatical errors are likely phishing attempts.
The email is trying to force you to a website.
Some phishing emails are designed so that anywhere a recipient clicks, will direct them to a malicious website. Legitimate companies will not force you to go to their website; if an email contains nothing but a “click here” button, or something similar, with no other text, it is a malicious email.
There is an unsolicited attachment.
Receiving an unsolicited email with an attachment is likely a phishing attempt. Legitimate businesses will generally only send attachments when requested.
The URLs direct to a misleading site.
Before clicking on any links, recipients should hover over the link to ensure that the link will take them where it says it will. If the link differs from the text, or doesn’t match the context of the email, it is a phishing attempt.
How to Prevent Hacking Attempts
In addition to HIPAA security training, there are other best practices that increase an organization’s security.
Security best practices include:
◈ Keeping software systems up to date with security patches
◈ Using a robust antivirus program
◈ Implementing multi-factor authentication