Protected health information is worth 50x more than credit card information on the black market. Criminals use this information for identity theft and insurance fraud. The health care industry is a target because the profits are so high and the problem is increasing.
The HIPAA E-Tool (@HIPAAETool) is here to guide you with how cybercrime affects your business. HIPAA regulations have long required that covered entities have a secure online presence – but what does that mean? The HIPAA E-Tool provides policies, education and training you and your workforce need.
The cybercrime tactic known as “Phishing” is recognized as one of the most dangerous threats to the confidentiality, integrity and availability of electronic protected health information. Phishing attacks likely caused the Anthem breach of unsecured protected health information that affected 78,800,000 individuals that was reported to the U.S. Department of Health and Human Services on March 13, 2015. Phishing attacks are aimed at unsuspecting employees and try to trick them into clicking on a link or opening an email attachment that allows malicious software to invade an organization’s information system. Security software is hard pressed to keep up with the rapid development of new and different types of malicious software. The best defense against phishing attacks is for each of us to be alert and trained to recognize phishing attacks and not fall victim to them.
Here are some tips from the Breach Prevention Lesson Plan on Phishing Attacks (SR-13.T) found within The HIPAA E-Tool:
1. Do Not Click on any Link in an Email without Examining It
The Microsoft Safety and Security Center gives this advice:
If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company's web address.
2. Preserve Evidence of Suspected Phishing, if feasible
When a Workforce Member suspects a Phishing attack he or she should note the details by writing down the fraudulent characteristics or making a screen shot so an accurate report may be made and shared with appropriate management and other Workforce Members.
3. Report Suspected Phishing Attacks Immediately
Workforce Members should know to whom they should report suspected Phishing attacks and the person’s contact information. Reports should be made immediately.
We know cybercrime is increasing, so take the time now to learn more and reduce the chance you become a victim next month or next year.