HIPAA Tip: Phishing

Almost everyone today knows the word “phishing”, yet every day (or hour, or minute) an organization is attacked by threat actors through phishing.

A phishing attack is an attempt by criminals to trick you into sharing information or taking an action that gives them access to your accounts, your computer, or even your network. It’s no coincidence that the name of these attacks sounds like fishing. The attack lures you in, using some kind of bait to fool you into making a mistake. Phishing attacks may arrive by email, text message, or website, posing as a trusted person or organization.

When you click a link or download a file in a phishing message, you may install programs that give the attacker access to your computer or even your entire network. Clicking the link might also take you to a fake login page for a website you trust. Any passwords you enter there will be captured by the attacker.

Look for the RED FLAGS:

  • Email address – do you recognize the address? Is the address close to that of someone you know, but not the exact address they typically use?
  • Is there a sense of urgency in the email – must you take steps right away, or there may be negative repercussions?
  • Are there any misspelled words in the email?
  • If someone is sending an attachment or link saying you requested this information (or ordered something), think back – did you request this information? Did you even place an order with this company?
  • Check the time that the email came in – would this organization or person typically send an email at 3 a.m.?
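Three of these red flags (a near-miss sender address, urgent wording, and an unusual send time) can also be checked automatically when triaging reported emails. The Python sketch below is an added example, not part of the original tip; the known-sender list, the urgency phrases, the business-hours window, and the sample message are all constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumed values for illustration; replace with your organization's own.
KNOWN_SENDERS = {"billing@examplehealth.org", "it-help@examplehealth.org"}
URGENCY_PHRASES = ("immediately", "right away", "within 24 hours", "will be suspended")
BUSINESS_HOURS = range(7, 19)  # 07:00-18:59 in the time zone of the Date header

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot near-miss sender addresses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def red_flags(raw_email: str) -> list[str]:
    """Return the red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw_email)
    flags = []
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in KNOWN_SENDERS:
        near = sorted(k for k in KNOWN_SENDERS if edit_distance(sender, k) <= 2)
        flags.append(f"lookalike of {near[0]}" if near else "unrecognized sender")
    body = "" if msg.is_multipart() else msg.get_payload()  # plain-text bodies only
    text = (msg.get("Subject", "") + " " + body).lower()
    if any(phrase in text for phrase in URGENCY_PHRASES):
        flags.append("urgent language")
    try:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.hour not in BUSINESS_HOURS:
            flags.append(f"sent at {sent:%H:%M}")
    except (TypeError, ValueError):
        flags.append("missing or invalid Date header")
    return flags

# Constructed sample: the sender swaps the letter "l" for the digit "1".
SAMPLE = """\
From: Billing <billing@examplehea1th.org>
To: staff@examplehealth.org
Subject: Invoice overdue
Date: Tue, 05 Mar 2024 03:02:11 -0500

Pay right away or your account will be suspended.
"""
```

A message that raises several flags at once deserves a closer look before anyone clicks; a message that raises none is not thereby proven safe.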

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.
