With new rounds of availability for the COVID-19 vaccine, we’ve seen a tremendous increase in cyberattacks on the healthcare industry. According to the HIPAA Journal, there was a 25% increase in data breaches between 2019 and 2020, and we only expect it to get worse in 2021. IT professionals have been working tirelessly against these attacks to protect patient information.
What to Look for
- A generic introduction or a mistake in the introduction, such as a misspelling of your name, is an easy way to spot a fake email.
- The address the email was sent from is not related to the provider. Note especially that healthcare organizations will not send from a public email domain such as @yahoo.com or @gmail.com.
- Check the actual email address, not just the display name. Hackers can set up the email to display as anything, so they’ll likely choose the name of the provider. Be sure to look at the email address as that can hold some clues as to who is trying to contact you.
- A sense of urgency is another telltale sign of a suspicious email. Most hackers pull victims in by requesting the user click a button or link now or else the opportunity will expire.
- The email is requesting payment. Most organizations have you pay in-person, over the phone, or through a portal on their website. It is unlikely that your healthcare provider would send an invoice directly to you via email.
- The email is requesting personal information for verification. Your healthcare provider will not verify personal information through an email.
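The header and wording checks in the list above can also be run automatically over a message. The following is an added example, not part of the original article; the provider domain `example-clinic.test`, the keyword patterns, and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumptions for this example: the provider's real sending domain and the
# keyword lists are illustrative, not taken from the article.
PROVIDER_DOMAIN = "example-clinic.test"
PUBLIC_DOMAINS = {"gmail.com", "yahoo.com"}
PATTERNS = {
    "generic greeting": r"\bdear (patient|customer|user|sir|madam)\b",
    "urgency": r"\b(act now|immediately|expires?|within 24 hours|last chance)\b",
    "payment request": r"\b(invoice|payment|pay now|credit card)\b",
    "personal info request": r"\b(verify|confirm) your\b.*\b(ssn|social security|date of birth|password|insurance)\b",
}

def phishing_indicators(raw_email: str) -> list[str]:
    """Return the checklist items from the list above that this message trips."""
    msg = message_from_string(raw_email)
    # The display name is discarded on purpose: the sender chooses it freely,
    # so only the actual address is evaluated.
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    found = []
    if domain in PUBLIC_DOMAINS:
        found.append("public email domain")
    if domain != PROVIDER_DOMAIN and not domain.endswith("." + PROVIDER_DOMAIN):
        found.append("sender domain not related to provider")
    text = f"{msg.get('Subject', '')}\n{msg.get_payload()}".lower()
    for label, pattern in PATTERNS.items():
        if re.search(pattern, text, re.DOTALL):
            found.append(label)
    return found

# Constructed sample message (not a real email).
SAMPLE = """\
From: "Example Clinic Billing" <billing.exampleclinic@gmail.com>
To: patient@example.org
Subject: Vaccine appointment - act now

Dear Patient,
Your vaccine slot expires today. Pay now using the attached invoice and
verify your date of birth and insurance number to keep your place.
"""

if __name__ == "__main__":
    for item in phishing_indicators(SAMPLE):
        print("flag:", item)
```

A message that trips several of these at once is worth a phone call to the provider before anything in it is clicked.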
What to Do Next
- Trust your gut. If something doesn’t look right, call your healthcare provider to ask if they’ve sent the email and be sure not to click on anything within the email.
- If your healthcare provider says that they did not send the email, forward the email to the Anti-Phishing Work Group at firstname.lastname@example.org.
- Report the phishing email to the Federal Trade Commission here, or for COVID-19-related scams specifically, here.
How to Protect Your Accounts and Technology
- Use security software on your computer. This doesn’t have to be an expensive endeavor; software can cost as little as $19.99 per year.
- Protect your mobile phone as well. Keeping apps updated lowers the risk of attacks. Be sure to read and understand what information each app will have access to.
- Use multi-factor authentication such as a PIN or fingerprint ID.
- Keep passwords updated regularly and use different passwords for your accounts. You don’t want your Facebook password to be the same password as the password for your sensitive health information.
- Stay up to date on the latest cyberattacks and trends so you know exactly what to look for.