Beware of Phishing Scams

Yet another healthcare system was attacked by a phishing scam. This time it was the Carle Foundation of Urbana, Illinois. According to Becker’s Healthcare, which made the announcement earlier today, the organization sent a letter to 1,653 patients informing them that they may have been affected.

While there is no evidence yet that the Carle Foundation breach exposed social security numbers or patient records, the news calls attention to a growing problem in healthcare data security. According to HIPAA Journal, 31.6 million healthcare records were breached during the first half of 2019, which is roughly double the number in the entirety of 2018.

Phishing is a particularly effective technique used by attackers seeking access to health records. JAMA Network Open reported that in a study of multiple healthcare institutions, the click rate on simulated phishing emails was approximately one in seven. “Email is an easy access point to hospital employees, many of whom have credentials for several internal information systems,” the study states. Furthermore, “attacks on hospital information systems have had substantial consequences, with closed practices, canceled surgical procedures, diverted ambulances, disruption of operations and damaged reputations.”

Data released from any healthcare organization should always go through a secure communications system, where there is an audit trail to show exactly what happened if the release is ever questioned. With tight margins, public scrutiny, and patient outcomes at stake, healthcare systems simply cannot afford to have their workers release PHI by replying to insecure email messages.

Fortunately, Biscom has solutions that can help, from Biscom Secure File Transfer to the cloud-based Biscom Transit. Biscom’s secure document delivery and encrypted messaging solutions secure all communications end to end, provide comprehensive audit trails, and help you stay in compliance with HIPAA. Best of all, the user interfaces are as easy to use as email, without all the vulnerabilities. Contact us for a consultation or ask to see a demonstration.