One of the biggest threats to the electronic Protected Health Information (ePHI) in your practice’s IT systems is phishing attacks by e-mail.
If you are not familiar with phishing, cyber criminals send an e-mail to someone in your practice and try to trick them into clicking on a link. The link takes them to a site on the Internet where they enter, and thereby hand over, sensitive information (ePHI). That information can then be used to gain further access to your network and sensitive data.
Recently, there have been a number of incidents where the phishing e-mail tricks the user into compromising the credentials of their e-mail account. A cyber criminal then has access to the user’s e-mail account, where ePHI is most likely stored. The cyber criminal can also use the account to e-mail others in the practice and trick them into compromising their accounts as well.
Here are a few tips to keep in mind to recognize phishing. It’s fairly easy to spoof an e-mail address (make a message look like it is coming from someone when it is not), and even easier to spoof the display name in the From field. Simply put, if the e-mail, at the top, shows that it is from “John Smith”, it could easily not be from him. If the e-mail’s content is urgently trying to get you to give up sensitive data, and you were not expecting such an e-mail, go ahead and pick up the phone and contact John Smith to confirm he sent it. Another easy tip is to hover over links in e-mails. A cyber criminal can type anything they want and then make it a link to anywhere. So if the text says “very legitimate link”, simply hovering over it lets you see that it actually takes you to the web site “http://ripoffwebsite.com”.
So in sum, it’s very easy for cyber criminals to manipulate e-mails to make you think it is from someone it’s not and make you think the link is something it’s not. Furthermore, through social media, web sites, and other Internet sources it’s almost public information where you work and who your leadership is. So next time you get an e-mail from your CEO saying he needs some information ASAP, stop and think.
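For whoever looks after the practice's mail system, here are the two checks described above (display name versus real address, and link text versus real destination) as a small script. This is an added example, not part of the original article; the practice domain, the staff list and the sample message are constructed, and it assumes a single-part, unencoded HTML body.

```python
# Added example: constructed message and hypothetical names throughout.
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

PRACTICE_DOMAIN = "examplepractice.test"   # assumption: your own mail domain
KNOWN_STAFF = {"john smith"}               # assumption: names an attacker may imitate

class LinkCollector(HTMLParser):
    """Collect (visible text, real destination) for every <a href=...>."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def review(raw_message):
    """Return human-readable warnings for one single-part HTML e-mail."""
    msg = message_from_string(raw_message)
    warnings = []
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    # A familiar display name on an outside address is the spoof described above.
    if name.lower() in KNOWN_STAFF and domain != PRACTICE_DOMAIN:
        warnings.append(f"display name '{name}' but address is {addr}")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    # The programmatic version of hovering: report where each link really goes.
    for text, href in collector.links:
        host = (urlparse(href).hostname or "").lower()
        if host != PRACTICE_DOMAIN and not host.endswith("." + PRACTICE_DOMAIN):
            warnings.append(f"link '{text}' really goes to {host}")
    return warnings

SAMPLE = """\
From: "John Smith" <john.smith@mail-login.example>
Subject: Urgent
Content-Type: text/html

<p>I need this ASAP: <a href="http://ripoffwebsite.com">very legitimate link</a></p>
"""

if __name__ == "__main__":
    print("\n".join(review(SAMPLE)))
```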