Spectrum Health Vishing Attack
Spectrum received reports that patients and Priority Health members were being targeted by a vishing attack in which hackers impersonated Spectrum and Priority Health employees. The calls prompted patients to reveal their protected health information (PHI), particularly member numbers.
It is likely that many members will fall for the vishing attack, as the hackers went as far as using a spoofed caller ID that makes the calls appear to come from Spectrum Health.
Scott Dresen, senior vice president and chief information security officer, commented on the vishing attack: “These are not the type of questions our employees would ask in a legitimate phone call from Spectrum Health or Priority Health. For example, we would never ask someone to tell us their password for the Spectrum Health App. Best practice is to be wary of any unexpected call from your healthcare provider.”
Best Practices for Avoiding Becoming a Vishing Attack Victim
Victims of a vishing attack can suffer greatly. Hackers can use the information obtained in a vishing attack to commit financial fraud, or to steal a patient’s identity.
To avoid falling victim to a vishing attack, follow these best practices:
◈ Don’t share account passwords or one-time verification codes
◈ Don’t provide PHI to callers (birth date, address, Social Security number, etc.)
◈ Don’t confirm employment or other personal information
◈ Don’t provide any financial information
◈ Always ask for the name of the person calling and a number that you can call them back on