Don't Fall for Pretexting
As healthcare providers embrace digital transformation to enhance patient care and streamline operations, they must also be vigilant against emerging cybersecurity threats. One such threat that demands increased attention today is called “pretexting."
What is pretexting?
In the world of cybercrime, pretexting refers to a sophisticated type of social engineering tactic. In this strategy, a malicious actor will create a convincing fake scenario to try and trick healthcare employees into handing over information, credentials, or funds.
In most cases, attackers will impersonate a supervisor or other associate using a compromised or similar email address. They may also pose as your IT support team or another vendor. Either way, whether by phone or email, they’ll make up a situation with a sense of urgency, such as “I’m in a meeting and this needs to be taken care of now.”
This threat isn’t unique to healthcare - cybercriminals are getting more creative and convincing across industries, but as always the medical records, login credentials, and other sensitive information providers store has a huge value to them for ransomware and other schemes.
As with so many serious cybersecurity threats, your best defense against this one is complete and effective employee training. Prepare staff for scenarios, and equip them with methods for verifying whether or not a message is legitimate. As we’ve said in the past, it’s important for your staff to have a “healthy paranoia” when it comes to handing out sensitive information.
Additionally, make sure you’ve adopted the best security measures, and implemented multi-factor authentication wherever possible. These will serve as critical protections for the data you collect, but may not be enough to keep out an attacker when an employee has handed them the keys.
The 2024 Updated HIPAA Compliance Training Module from Medcurity is a great place to start for getting your employees educated on the basics of HIPAA compliance and cybersecurity. From there, we recommend regular, ongoing training and testing, to reinforce your first line of defense - your staff.
If you have questions about the latest threats to your cybersecurity, and how you can continue to protect your data, reach out to your team at Medcurity!