HIPAA TIP: Email Phishing

Human behavior makes phishing attacks successful. Here’s a scenario: you’re down to the wire for paying your online bills, or you’re at work processing billing claims for patient services. You receive an “urgent” email stating your password will expire in 5 minutes and you need to reset it right away. You don’t pay attention to the sender or the sender’s email address. Were there misspelled words in the email? Do you recognize the sender? All of these are considered “Red Flags.” No steps should be taken UNTIL you can verify the email is legitimate; however, most users will follow the prompts or links and reset a password while the hackers watch and “Voila!” They are into your system and data.

Email phishing and social engineering work! Almost everyone has an email address, and people’s trusting nature and willingness to help others often make them susceptible to manipulative phishing attacks.

Whenever you question an email and its legitimacy – STOP! Think about what is being asked of you and, when in doubt, contact – CALL the source, e.g., your bank, your billing company, your EMR vendor or any other software provider used in a medical facility. Remember, when in doubt, DELETE!
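The red flags above (an unfamiliar sender address, a display name posing as IT, time-pressure language, a reset link to a host you don’t own) can also be checked mechanically before a message ever reaches a busy user. The following is an added illustration, not code from the original tip or from Anatomy IT; the trusted domain, the sample messages and the urgency phrase list are constructed for the example.

```python
"""Flag the phishing red flags described above in a raw email message."""
import re
from email import message_from_string
from email.utils import parseaddr

# Domains the organization actually sends mail from (constructed example value).
TRUSTED_DOMAINS = {"clinic.example"}

# Time-pressure phrases such as the "password will expire in 5 minutes" lure.
URGENCY_PATTERNS = [
    r"\bexpire[sd]?\b.*\b\d+\s*(minutes?|hours?)\b",
    r"\bimmediately\b",
    r"\bright away\b",
    r"\burgent\b",
    r"\baccount (will be )?(suspended|locked|closed)\b",
]

def sender_domain(from_header: str) -> str:
    """Return the lower-cased domain of the actual address, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return addr.rpartition("@")[2].lower()

def red_flags(raw_message: str) -> list[str]:
    """Return a list of human-readable red flags found in a plain-text message."""
    msg = message_from_string(raw_message)
    flags = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    if domain not in TRUSTED_DOMAINS:
        flags.append(f"sender domain not recognized: {domain or '<missing>'}")
        # Display name claims an internal team, but the address is external.
        if name and re.search(r"\b(it|helpdesk|support|security)\b", name, re.I):
            flags.append(f"display name '{name}' does not match address {addr}")
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}"
    for pattern in URGENCY_PATTERNS:
        if re.search(pattern, text, re.I):
            flags.append(f"urgency language: /{pattern}/")
            break  # one urgency flag is enough
    # Any "reset now" link that does not point at a host we own.
    for host in re.findall(r"https?://([^/\s]+)", text):
        if host.lower() not in TRUSTED_DOMAINS:
            flags.append(f"link to unrecognized host: {host}")
    return flags

# Constructed sample resembling the scenario described in the tip.
SAMPLE = """\
From: IT Helpdesk <helpdesk@clinic-passwords.example>
To: billing@clinic.example
Subject: URGENT: your password will expire in 5 minutes

Your mailbox password will expire in 5 minutes. Reset it right away:
https://clinic-passwords.example/reset
"""

if __name__ == "__main__":
    for flag in red_flags(SAMPLE):
        print("RED FLAG:", flag)
```

A real mail gateway would feed every inbound message through a check like this and quarantine or tag anything that raises flags, so the user’s STOP-and-verify step is backed by a machine’s.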

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.