Vishing Attack

Beware. Hackers have graduated to using vishing attacks to target patients. In a vishing attack, hackers call patients while disguising themselves as a trusted entity, such as a healthcare organization, and prompt them to share sensitive information over the phone. Spectrum Health is warning patients and Priority Health members of one such vishing attack.

Spectrum Health Vishing Attack

Spectrum received reports that patients and Priority Health members were being targeted by a vishing attack in which hackers impersonated Spectrum and Priority Health employees. The calls prompted patients to reveal their protected health information (PHI), particularly member numbers.

It is likely that many members will fall for the vishing attack, as the hackers went as far as spoofing the caller ID so that the calls appear to come from Spectrum Health.

Scott Dresen, senior vice president and chief information security officer, commented on the vishing attack: “These are not the type of questions our employees would ask in a legitimate phone call from Spectrum Health or Priority Health. For example, we would never ask someone to tell us their password for the Spectrum Health App. Best practice is to be wary of any unexpected call from your healthcare provider.”


Best Practices for Avoiding Becoming a Vishing Attack Victim

Victims of a vishing attack can suffer greatly. Hackers can use the information obtained in a vishing attack to commit financial fraud or to steal a patient’s identity.

To avoid falling victim to a vishing attack, follow these best practices:

Don’t share account passwords or one-time verification codes

Don’t provide PHI to callers (birth date, address, Social Security number, etc.)

Don’t confirm employment or other personal information

Don’t provide any financial information

Always ask for the name of the person calling and a number that you can call them back on