Tech & Innovation in Healthcare

Are there more phishing-like social engineering cybersecurity attacks we should be aware of?

Connecticut Subscriber

Answer: Yes, there are several ways that malicious threat actors use social engineering to attempt to gain access to your personal information, accounts, or records — all to steal information and money.

Here are three other cybersecurity attacks that are similar to phishing:

• Vishing: Voice phishing involves phone calls from threat actors pretending to be authorities from government agencies, software companies, or credit card services. Typically, the phone number will appear to have a local area code, so you’ll think the call is coming from a nearby entity that you might know or have a connection to.
• Spear phishing: Attackers will send a carefully crafted email message that looks like it’s from a trusted source to a group of specific individuals in an organization. Unlike traditional phishing attempts, spear phishing attempts can also include instant messages, social media, and other platforms to trick individuals into offering up compro­mising information.
• Whaling: This is similar to spear phishing, but the target is a person at the top of your organization, like a C-suite executive.

Each of these methods are very dangerous for organizations, especially in healthcare where patient information, diagnoses, and treatment plans are at risk. Every employee and staff member in your organization should stay wary of unsolicited and unexpected emails, particularly those messages that stress urgency.

Other tips to avoid falling victim to vishing, spear phishing, and whaling attempts include:

• Familiarize yourself with usual tactics used in these emails, like fraud, threats, and requests for help;
• Avoid clicking on links or downloading attachments in emails from unknown senders; and
• Report malicious emails as spam and alert your organization’s IT team of social engineering threats.