Nov 20, 2023

How to Avoid Common Healthcare Phishing Attacks

Phishing attacks are one of the most common cybersecurity threats hospitals face. Protect your patient data by understanding common phishing tactics.

Phishing is a severe risk for providers.

Phishing, an email social engineering tactic, poses a severe threat to healthcare organizations, which have historically underinvested in security. According to Becker’s Hospital Review, cyberattacks increased 94 percent over the past year. Every member of a healthcare organization must know what to watch for in their inbox to avoid phishing attempts.

Types of Attacks

The most common form of phishing is mass-produced emails targeting anyone who opens them. Often, they ask for personal information or include malicious attachments. Although it is the most common form, standard phishing accounted for multiple high-profile healthcare attacks in 2021, according to HealthIT Security.

Spear phishing takes a more targeted approach to the email tactic. Spear phishing emails are personalized more effectively because the hacker pays closer attention to the victim’s department. These emails target specific individuals in an organization, such as admins.

Whaling is a colloquial term for phishing attacks directed at high-level organizational management, such as CEOs and CFOs. Usually, they use fear to gather personal information from these individuals. One typical example of whaling is an email alerting potential victims to legal action and prompting them to open an attachment or click a link to learn more.

In 2022, hackers can leverage any of these tactics through text or instant messaging, a variant known as smishing. For example, it is common for them to send messages posing as a coworker or supervisor. These messages often ask for payment in non-standard forms, like gift cards.

How to Detect Phishing Emails

The NIST Phish Scale details some of the signs of malicious emails. Employees should scrutinize any email from an unknown sender asking for information. Additionally, emails with inconsistent branding, spelling errors, unprofessional formatting, or a generic greeting (“To whom it may concern”) may be a phishing attempt. Other suspicious signs are emails with a ‘too good to be true’ offer, such as a claim that the victim won a contest or a free vacation.
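Several of the cues above can be checked automatically as a first-pass triage step before a human looks at the message. The following is an added example, not code from this article or from NIST's Phish Scale; the known-sender domain, the phrase lists and the sample message are constructed assumptions, and cues such as branding or spelling quality are left to human review.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed values for illustration: adjust the domain and phrase lists locally.
KNOWN_SENDER_DOMAINS = {"hospital.example"}
INFO_REQUEST = re.compile(
    r"\b(password|date of birth|social security number|login credentials)\b", re.I)
CONTENT_CUES = {
    "generic_greeting": re.compile(
        r"^\s*(to whom it may concern|dear (customer|user|sir or madam))", re.I | re.M),
    "too_good_to_be_true": re.compile(
        r"\b(you(?:'ve| have) won|free vacation|claim your prize)\b", re.I),
    "gift_card_payment": re.compile(r"\bgift cards?\b", re.I),
}

def _plain_text(msg) -> str:
    """Join every text/plain part, decoding transfer encodings and charsets."""
    chunks = []
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def phishing_cues(raw_message: str) -> list[str]:
    """Return the cue names found in one raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    text = str(msg.get("Subject", "")) + "\n" + _plain_text(msg)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    cues = []
    # An unknown sender alone is normal; the cue is unknown sender plus a data request.
    if domain not in KNOWN_SENDER_DOMAINS and INFO_REQUEST.search(text):
        cues.append("unknown_sender_asking_for_information")
    cues += [name for name, rx in CONTENT_CUES.items() if rx.search(text)]
    return cues

# Constructed sample message (not real mail).
SAMPLE_PHISH = """\
From: "IT Support" <helpdesk@mail-support.example>
Subject: Action required

To whom it may concern,

You have won a free vacation. Reply with your password and date of birth.
"""

if __name__ == "__main__":
    print(phishing_cues(SAMPLE_PHISH))
```

A message with no cues is not thereby safe; the output is meant to prioritize which emails staff or the security team review first.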

Protecting Your Healthcare Organization from Phishing

By encouraging a ‘culture’ of cybersecurity in their organization and making employees aware of cybersecurity risks, healthcare administrators can ensure that their staff recognizes potential phishing attacks and stops them before they begin. For more information about safeguarding your organization’s data, see the Medplace cybersecurity toolbox.
