Phishing is a severe risk for providers.

Phishing, an email social engineering tactic, poses a severe threat to healthcare organizations, historically underinvested in security. According to Becker’s Hospital Review, cyberattacks increased 94 percent over the past year. All healthcare organization members must know what to watch out for in their inboxes to avoid phishing attempts.

Types of Attacks

The most common form of phishing is mass-produced emails targeting anyone who opens them. Often, they ask for personal information or include malicious attachments. Although the most common form, standard phishing accounted for multiple high-profile healthcare attacks in 2021, according to HealthIT Security.

Spear phishing takes a more targeted approach to the email tactic. Spear phishing emails include more effective personalization due to the hacker paying more attention to the victim’s department. These emails target individuals in an organization like admins.

Whaling is a colloquial term for phishing attacks directed at high-level organizational management like CEOs and CFOs. Usually, they use fear to gather personal information from these individuals. One typical example of whaling is an email alerting potential victims of legal action and prompting them to open an attachment or click a link to learn more.

In 2022, hackers can leverage any of these tactics through text or instant messaging. For example, it is common for them to send phishing attacks posing as a coworker or supervisor, known as Smishing. These messages often ask for payment in non-standard forms, like gift cards.

How to Detect Phishing Emails

The NIST cybersecurity Phish scale details some of the signs of malicious emails. Employees should scrutinize any email from an unknown sender asking for information. Additionally, emails with inconsistent branding, spelling errors, unprofessional formatting, or a generic greeting (“To whom it may concern”) may be a phishing attempt. Other suspicious signs are emails with a ‘too good to be true’ offer, claiming the victim won a contest or free vacation.

Protecting Your Healthcare Organization from Phishing

By encouraging a ‘culture’ of cybersecurity in their organization and making employees aware of cybersecurity risks, healthcare administrators can ensure that their staff is savvy to potential phishing attacks to stop attacks before they begin. For more information about safeguarding your organization’s data, click here for the Medplace cybersecurity toolbox.

‍