In recent weeks, 10 significant email hacking incidents were reported to the U.S. Department of Health and Human Services Office for Civil Rights. In total, these attacks have compromised nearly 90,000 healthcare records.
Here is a list of these attacks and the number of individuals affected in each. It is unclear if these were targeted attacks. While we do know these attacks were successful and PHI was compromised, we do not know how many attacks were unsuccessful or have yet to be discovered. This indicates that healthcare is increasingly a target for phishing attacks and the industry needs to step up its efforts to secure PHI.
The best way to prevent a successful phishing attack is to train your staff. Remind staff that phishing attacks are occurring, and tell them what to look for in order to spot one. Be sure to indicate who should be contacted if staff have a question or receive a suspicious email. It may also be helpful to conduct a simulated phishing attack, which allows you to identify which staff need additional training without compromising PHI. As phishing attacks increasingly focus on healthcare, now is the time to ramp up training efforts to ensure the security of PHI.