What is Phishing anyway?

How To Spot Phishing

In this week’s “Know The Rules!,” I present different methods Covered Entities (CEs) and Business Associates (BAs) can use to detect and avoid phishing attacks.

Spam & Phishing on Social Networks

Spam, phishing and other scams aren’t limited to just email. They’re also prevalent on social networking sites, like Facebook, WhatsApp, Instagram and Twitter.

The same rules apply on social networks: When in doubt, throw it out. This rule applies to links in online ads, status updates, tweets and other posts.

How Do You Avoid Being a Victim?

Don’t reveal personal or financial information in an email, and do not respond to email solicitations or phone calls asking for this type of information. Before sending sensitive information over the Internet, check the security of the website.

Pay attention to the website’s URL

Malicious websites may look identical to a legitimate site, but the URL may use a variation in spelling or a different domain (e.g., .com versus .net).
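As an added illustration of the URL check above (not part of the original newsletter), this Python script compares the domain in a link against a constructed allowlist of domains a practice trusts and flags a swapped suffix such as .com versus .net, a misspelled name, or a trusted name buried inside an unrelated host; the domain names are assumed sample values.

```python
from urllib.parse import urlsplit

# Constructed allowlist of domains the practice legitimately deals with
# (sample values for this example, not from the newsletter).
TRUSTED_DOMAINS = {"examplebank.com", "examplehealthportal.com"}

def host_of(url):
    """Lower-cased host name of a link; a bare 'site/path' link is given a scheme first."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower().strip(".")

def registrable_domain(host):
    """Last two labels of a host ('login.examplebank.com' -> 'examplebank.com').
    Assumes simple suffixes; two-part suffixes like '.co.uk' are not handled."""
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def edit_distance(a, b):
    """Levenshtein distance, used to catch one- or two-character spelling tricks."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_link(url):
    """Return 'trusted', 'tld-swap', 'lookalike' or 'unknown' for a link's domain."""
    host = host_of(url)
    dom = registrable_domain(host)
    if dom in TRUSTED_DOMAINS:
        return "trusted"
    label, _, tld = dom.rpartition(".")
    for good in TRUSTED_DOMAINS:
        good_label, _, good_tld = good.rpartition(".")
        if good in host:                                # trusted name buried in a longer host
            return "lookalike"
        if label == good_label and tld != good_tld:     # same name, different suffix
            return "tld-swap"
        if good_label in label or edit_distance(label, good_label) <= 2:
            return "lookalike"                          # misspelling or padded name
    return "unknown"

if __name__ == "__main__":
    for link in ["https://examplebank.com/login", "https://examplebank.net/login",
                 "http://examp1ebank.com/verify", "unrelated-site.org/offer"]:
        print(link, "->", classify_link(link))
```

Anything other than "trusted" is a reason to reach the company through the contact details on a statement rather than through the link.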

If you are unsure whether an email request is legitimate, try to verify it by contacting the company directly. Contact the company using information provided on an account statement, not information provided in an email.

Information about known phishing attacks is available online from groups such as the Anti-Phishing Working Group.

Keep a clean machine

Keeping your operating system, software, web browsers, anti-virus protection and apps up to date is the best defense against viruses, malware, and other online threats.

What Should You Do if You Think You are a Victim?

Report it to the appropriate individuals within the organization, including network administrators. If you believe your financial accounts may be compromised, contact your financial institution immediately and close the account(s).

Watch for any unauthorized charges to your account.

When in doubt, throw it out: links in email, tweets, posts and online advertising are often how cybercriminals try to compromise your information. If it looks suspicious, even if you know the source, it’s best to delete it or, if appropriate, mark it as junk.

Here are a few tips to help you keep your information secure:

  1. Think before you act: Be wary of communications that implore you to act immediately, offer something that sounds too good to be true or ask for personal information.
  2. Make your password a sentence: A strong password is a sentence that is at least 12 characters long. Focus on positive sentences or phrases that you like to think about and are easy to remember (for example, “I love country music.”). On many sites, you can even use spaces!
  3. Unique account, unique password: Having separate passwords for every account helps to thwart cybercriminals. At a minimum, separate your work and personal accounts and make sure that your critical accounts have the strongest passwords.
  4. Lock down your login: Fortify your online accounts by enabling the strongest authentication tools available, such as biometrics, security keys or a unique one-time code through an app on your mobile device. Your usernames and passwords are not enough to protect key accounts like email, banking and social media.

Covered Entities and Business Associates need to understand that your patients are entrusting YOU with their most private and intimate details, and they expect those details to remain secure.

Besides, it is YOUR practice, YOUR patients, YOUR reputation, and YOUR legacy! Why are you leaving yourself wide open to such risks?

For tips like this and more request your copy of our “HIPAA Security Rule – Know The Rules!” Newsletter Today.