Phishing emails usually appear to come from a well-known organization and ask for your personal information – such as a credit card number, social security number, account number or password. Oftentimes, phishing attempts appear to come from sites, services, and companies with which you do not even have an account. More information about phishing emails can be found in the related article: Rise of Email Scams and CryptoWall
Example of Phishing Email
The most common phishing attack is an email whose sender asks for a wire transfer. Typically, the attacker composes the email so that it appears to come from one person in the organization and sends it directly to another, asking for some amount of money to be transferred. Below is how a typical wire transfer scam email may read:
Recently the popular app developer, Snapchat, was the target of an isolated phishing attack in which the scammer sent an email made to look as if it came from the company's CEO, asking an employee for payroll information. In this case, the email was constructed very well and looked legitimate. The employee did not recognize it as a scam and released the information to the attacker.
Snapchat took the correct actions after the breach was discovered. It released a notice of the breach on its blog outlining some of the details and notified the FBI. It also worked with victims of the breach and offered free credit monitoring to those individuals.
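The impersonation pattern described above (a message that appears to come from an executive and asks a colleague for a wire transfer or payroll data) can be screened for in a mail filter. The following Python check is an added example, not part of the original article; the domain `example.org`, the executive names, the keyword list and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for illustration: organization domain, executive display names
# and request keywords are hypothetical and would come from local policy.
INTERNAL_DOMAIN = "example.org"
EXECUTIVES = {"jane doe", "sam lee"}
REQUEST_TERMS = re.compile(r"\b(wire transfer|payroll)\b", re.I)

# Constructed sample messages (not real mail).
SPOOFED = """\
From: Jane Doe <jane.doe@examp1e-mail.test>
Reply-To: jane.doe@freemail.test
To: payroll@example.org
Subject: Urgent request

Please process a wire transfer today and send me the payroll records.
"""
LEGIT = """\
From: Jane Doe <jane.doe@example.org>
To: staff@example.org
Subject: Lunch on Friday

Team lunch is at noon.
"""

def domain_of(addr):
    return addr.rpartition("@")[2].lower()

def impersonation_signals(raw_message):
    """Return the reasons a message looks like executive impersonation."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    # Collect every text part, decoding base64/quoted-printable bodies.
    body = "\n".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    signals = []
    if name.strip().lower() in EXECUTIVES and domain_of(addr) != INTERNAL_DOMAIN:
        signals.append("executive display name on external address")
    if reply_to and domain_of(reply_to) != domain_of(addr):
        signals.append("Reply-To domain differs from From domain")
    if REQUEST_TERMS.search(f"{msg.get('Subject', '')}\n{body}"):
        signals.append("asks for wire transfer or payroll data")
    return signals
```

A message that forges the organization's exact domain in the From header passes the first check, so this complements sender authentication (SPF, DKIM, DMARC) rather than replacing it.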
Impact of Phishing Emails on Healthcare Providers
This type of breach can occur within any type of organization. For healthcare or medical providers, users have to be especially careful about what they release through email. If patient records are unintentionally released, organizations can face severe penalties for wrongful disclosure. Medical organizations should take the necessary precautions to try to prevent data leakage, such as deploying a firewall, antivirus software, and spam filters. Medical organizations should also routinely train workforce members on new security threats.
One of the recent Ponemon studies reported that victims of identity theft from phishing scams spend, on average, $13,500 to reimburse their healthcare provider, restore their credit and correct inaccuracies that are now in their healthcare records, after fraudulent claims have been made.
Since 2015, the healthcare industry has been the second biggest victim of data breaches in the country. In 2018, healthcare professionals may still have to worry about their network security and HIPAA breaches.
If you receive an email that asks for a large amount of data, always question it. Call or ask the sender first to validate the request. If a reply email is sent, the attacker knows the email account is legitimate and will continue to send phishing attempts.