Medicare Compliance & Reimbursement

Clip And Save:

Keep This Social Engineering Glossary Handy for Quick Reviews

Tip: Don’t get spoofed.

Are you IT savvy? Could you spot a man-in-the-middle attack, or tell a baiting scheme from an ordinary phishing email?

Phishing is the most common type of social engineering in healthcare. Because it is so often in the news, you probably know to be wary of email from dubious origins. What you may not know is that attackers keep raising the stakes with more sophisticated tactics and schemes.

Definition: Social engineering is “an unauthorized attempt by someone masquerading as a legitimate party to elicit information from a staff member that may be used in attempts to compromise the security of systems or accounts,” says Jim Sheldon-Dean, founder and director of compliance services for Lewis Creek Systems, LLC in Charlotte, Vermont.

Recognizing attackers’ modus operandi will help you safeguard your practice systems and office security, saving you both money and headaches. Keep this social engineering and cybersecurity glossary for future reference in case you suspect an attack.

Baiting offers something tempting, either digital (a free download) or physical (a USB drive left where staff will find it), that carries malware. Once the file is opened or the drive is plugged in, the malware infects your health IT system.

Cryptocurrency is a digital currency secured by cryptography rather than by a bank and exchanged over the internet. It is the form of payment ransomware operators typically demand, because it is difficult to trace to a person.

Malware is short for malicious software: any program designed to harm, spy on, or take control of a computer or network without the owner’s consent. Ransomware, spyware, viruses, and worms are all types of malware.

Man-In-The-Middle occurs when a third party secretly intercepts communication between two parties. The attacker relays, and may alter, the messages in each direction while each side believes it is talking directly to the other.

Phishing is a fraudulent scheme, usually by email, in which criminals pose as a reputable company or agency to trick you into handing over personal information or passwords, or into opening a malicious attachment or link. There are many varieties of phishing, including spear phishing and whaling, defined below.

Quid Pro Quo refers to the practice social engineers use of offering a gift, prize, or service in return for your log-in credentials or office data.

Ransomware is a type of malware that holds your data hostage by encrypting it and demands payment, usually in cryptocurrency, for the key to restore it. Paying does not guarantee the data comes back; a tested offline backup is the reliable recovery path.

Spear Phishing is phishing aimed at a particular person, practice, department, or organization, using details about the target (names, vendors, job roles) to make the email convincing.

Spoofing is forging the apparent source of a message or call so it seems to come from a legitimate organization. In caller-ID spoofing, the phone displays a number that belongs to a real organization while the caller is an impostor fishing for confidential information. Email spoofing does the same with a forged sender address or display name.

Spyware is software installed without your knowledge that quietly collects data (keystrokes, screenshots, files) and transmits it to others for nefarious purposes.

Tailgating, also known as piggybacking, happens when a person without authorization follows an employee through a secured door, or poses as a co-worker or contractor, to enter restricted areas and ultimately reach a practice, clinic, or hospital IT system. The tailgater’s goal: corrupt the system and/or steal patient and practice data.

Virus is malicious code that attaches itself to files or programs and spreads when those files are opened or run, infecting other files and disrupting the computer’s normal operation.

Whaling is phishing aimed at senior executives (the practice owner, CEO, or CFO), whose accounts hold the most sensitive practice or company information and whose instructions staff are least likely to question.

Worm is stand-alone malware that spreads by itself from computer to computer, exploiting a vulnerability to enter each system without anyone opening a file, and can carry a payload that steals or destroys data.
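The phishing, spear phishing, spoofing, and whaling entries above all come down to the same handful of tells: a display name that borrows a trusted name, a look-alike sender domain, a Reply-To pointed somewhere else, a failed SPF or DKIM check from your own mail server, and language that rushes you. As an added example, not code from this article or from the firms quoted in it, the Python function below reads a raw email and reports those signals. The trusted-domain list, the urgency phrases, and both sample messages are constructed for the demo and are assumptions, not real correspondence.

```python
"""Flag sender-spoofing and phishing signals in a raw email (added example)."""
import re
from email import message_from_string
from email.message import Message
from email.utils import parseaddr

# Assumption for this example: domains the practice legitimately gets mail from.
TRUSTED_DOMAINS = {"example-practice.com", "cms.gov"}

# Phrases used to rush the reader into acting before thinking (assumed list).
URGENCY_PHRASES = ("urgent", "immediately", "suspended", "within 24 hours", "verify your account")

# Cheap look-alike substitutions attackers use when registering domains.
HOMOGLYPHS = (("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l"))


def _domain(address: str) -> str:
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def _is_trusted(domain: str) -> bool:
    """A trusted domain or any real subdomain of one (mail.cms.gov)."""
    return any(domain == t or domain.endswith("." + t) for t in TRUSTED_DOMAINS)


def _normalize(domain: str) -> str:
    for fake, real in HOMOGLYPHS:
        domain = domain.replace(fake, real)
    return domain


def _imitates(domain: str, trusted: str) -> bool:
    """True when domain is a homoglyph of trusted or plants it as a leading label."""
    norm = _normalize(domain)
    return domain != trusted and (
        norm == trusted or norm.startswith(trusted + ".") or norm.startswith(trusted + "-")
    )


def _body_text(msg: Message) -> str:
    if msg.is_multipart():
        return " ".join(p.get_payload() for p in msg.walk() if p.get_content_type() == "text/plain")
    return msg.get_payload()


def phishing_signals(raw_email: str) -> list[tuple[str, str]]:
    """Return (code, detail) pairs, one per spoofing or phishing indicator found."""
    msg = message_from_string(raw_email)
    findings = []
    display, from_addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(from_addr)

    # 1. Display name borrows a trusted name while the real address is elsewhere.
    if not _is_trusted(from_domain) and any(t in display.lower() for t in TRUSTED_DOMAINS):
        findings.append(("display-name-spoof", f"'{display}' sent from {from_domain}"))

    # 2. Look-alike sender domain (rn for m, trusted name as a leading label, ...).
    for t in TRUSTED_DOMAINS:
        if _imitates(from_domain, t):
            findings.append(("lookalike-domain", f"{from_domain} imitates {t}"))

    # 3. Replies steered to a different domain than the one the mail claims to be from.
    reply_domain = _domain(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_domain and reply_domain != from_domain:
        findings.append(("reply-to-mismatch", f"From {from_domain} but Reply-To {reply_domain}"))

    # 4. Your own mail server's SPF/DKIM/DMARC verdicts (RFC 8601 Authentication-Results).
    auth = msg.get("Authentication-Results", "")
    for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth, re.I):
        if result.lower() in ("fail", "softfail", "permerror"):
            findings.append(("auth-failed", f"{mech.lower()}={result.lower()}"))

    # 5. Pressure language in the subject or body.
    text = (msg.get("Subject", "") + " " + _body_text(msg)).lower()
    hits = [p for p in URGENCY_PHRASES if p in text]
    if hits:
        findings.append(("urgency", ", ".join(hits)))
    return findings


# Constructed sample messages for the demo; every field below is made up.
SUSPECT_EMAIL = """\
From: "CMS.gov Billing Support" <alerts@crns.gov-claims.com>
Reply-To: collections@mail-drop.example
To: billing@example-practice.com
Subject: URGENT: claims portal access suspended
Authentication-Results: mx.example-practice.com; spf=fail smtp.mailfrom=crns.gov-claims.com; dkim=none
Content-Type: text/plain

Your claims portal access has been suspended. Verify your account immediately
at the link below or payments will stop within 24 hours.
"""

LEGIT_EMAIL = """\
From: "Front Desk" <frontdesk@example-practice.com>
To: billing@example-practice.com
Subject: Thursday schedule
Authentication-Results: mx.example-practice.com; spf=pass; dkim=pass
Content-Type: text/plain

The Thursday schedule is attached.
"""

if __name__ == "__main__":
    for code, detail in phishing_signals(SUSPECT_EMAIL):
        print(f"{code}: {detail}")
    print("legit message findings:", phishing_signals(LEGIT_EMAIL))
```

Run it and the suspect message trips all five checks while the legitimate one trips none. The Authentication-Results check is the strongest signal because it comes from your own mail server, not from anything the sender controls; the other four are heuristics that catch the tricks described in the entries above but will not catch a message sent from a genuinely compromised trusted account.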

Reminder: “Social engineering tactics are designed to obtain secure information (login, customer, patient, or corporate data) by conning a person into revealing the information,” explains Michael Whitcomb, CEO of the IT security and regulatory compliance firm Loricca in Tampa, Florida. These types of attacks exploit the overly trusting nature of most people. But with a combination of training, concrete policies, and skepticism, social engineers can be stopped in their tracks.