Photo credit: Widjaya Ivan (https://www.flickr.com/photos/28288673@N07/6457165789) under CC BY 2.0

Don’t become the next Catch of the Day!

Nearly a quarter of physicians and direct healthcare providers are unable to identify a phishing email, a number 3 times higher than non-provider office workers. That’s according to a recent report on healthcare insights published by MediaPro, a learning services company specializing in data compliance. Additionally, 78 percent of healthcare employees “showed at least some lack of preparedness to handle the common privacy and security threat scenarios,” including phishing.

Phishing is not a new computer security threat, but it has become more prevalent in recent years. Phishing is on the minds of most entities concerned with cyber and information security. In fact, the U.S. Department of Health and Human Services Office for Civil Rights (OCR) devoted their February cybersecurity newsletter to the subject. The full newsletter is worth reviewing (it is only two pages long), but I’ll highlight the salient points below.

The OCR’s newsletter begins by describing phishing as “a type of cyber-attack used to trick individuals into divulging sensitive information via electronic communication by impersonating a trustworthy source.” In some cases, the senders are trying to get your login or account information or other sensitive data. In other cases, the goal is for you to open attachments which contain malicious software, such as ransomware, thereby infecting your system. Either way, “one of the primary methods of combating phishing attacks of all kinds is through user awareness.”

The OCR also provides a list of recommendations for protecting against phishing attacks. Some of the recommendations include:

  • “Be wary of unsolicited third party messages seeking information.”
  • “Be wary of clicking on links or downloading attachments from unsolicited messages.”
  • “Be wary of even official looking messages and links. Phishing messages may direct you to fake web sites mimicking real websites using web site names that appear to be official, but which may contain intentional typos to trick individuals.”
  • “Keep anti-malware software and system patches up to date.”
  • “Back up your data… Also be sure to test backups by restoring data from time to time to ensure that the backup strategy you have in place is effective.”

Access the full February 2018 OCR Cybersecurity Newsletter here.

About Mike Owens

Mike is a consultant at Eagle Consulting helping hospitals and medical practices protect their patients through risk analysis and HIPAA information security consulting. He brings experience in managing operations for the logistics and supply chain systems of a federal government agency, helping over 36,000 users worldwide with business process training and related system needs.