August 28, 2025

We’ve all received an email that’s a little too good to be true. Maybe it’s a “Congratulations, you’ve won a free vacation!” message, or a heartfelt request from an “international prince” who just needs your bank details. While these examples may sound obvious, phishing emails today are far more convincing, using logos, sender names, and even tone that mirror trusted organizations.

However, healthcare staff have an even bigger target on their backs due to the sensitive nature of Protected Health Information (PHI). Healthcare staff, from the office manager to the doctor, are close to patients’ Social Security Numbers, billing information, and more, all of which are a goldmine for a malicious actor. In light of the most recent $170,000 phishing HIPAA fine, it’s essential to review the best tips for keeping your email and patient data secure.

Email Safety 101

When hackers send 3.4 billion phishing emails daily, it’s essential to remain vigilant when reviewing emails. One mistaken click can jeopardize thousands of health records, so always carefully read your emails. While your spam filter might hide some risky emails, phishing has become more advanced, including spoofing staff members and, in general, looking legitimate upon first glance.

First, when receiving an email, always think before you click. Does the email look suspicious? Is the grammar odd? Are there unnecessary attachments? Never download any attachments unless you are sure of the sender. A hacker could expose your entire practice to ransomware with one unsafe attachment. All it takes is one click.

When receiving an email, always ensure the account looks authentic. A familiar name doesn’t always mean a safe email. Cybercriminals are betting on healthcare staff not knowing the difference between ‘yourboss@email.com’ and ‘y0urboss@email.com’. The internet also provides hackers access to public posts, so even if the profile photo might be of your boss, chances are it isn’t your boss sending you an email demanding personal information.

Watch for common red flags. If an email feels unusual, pause before acting, especially with messages marked as “urgent.” Cybercriminals rely on panic to push quick clicks. For example, an email shouting “WARNING: Update your EHR immediately using this link” is likely a scam designed to trick you into handing over access.

Delete spam emails or forward them to your phishing IT team (if applicable, likely for larger organizations), and ensure your team is aware of any threats and trained to identify and handle them appropriately.

Keeping it Secure

Phishing emails aren’t rare; they’re routine. That’s why it’s critical to give your staff the tools they need to safeguard PHI. A strong compliance program goes beyond policies by providing hands-on email safety training, encouraging protections like multi-factor authentication, and connecting your practice with trusted IT resources.

Meet with an expert today to learn more about HIPAA compliance and email safety.

Compliance Catastrophes: Email Safety
April 22, 2024

Good morning! We hope we can cheer up your Monday blues with the announcement of our new educational series, Compliance Catastrophes: real-ish world examples of nightmare scenarios! Throughout this week, we’ll be releasing blogs and videos on common breaches of Protected Health Information (PHI) in healthcare, giving you the tips you need to stay secure.

We’re starting our series with one of the most common HIPAA breaches: email scams. Email scams are very prevalent, with 91% of cyberattacks beginning with a phishing email. Phishing attempts are the most common form of cybercrime, with 3.4 BILLION spam emails sent daily.

Now, before we get too far, let’s clear up any misconceptions. Phishing is unfortunately not a Saturday night getaway on a boat with your friends catching fish. It’s much more like casting a lure of fake urgency or importance to try and ‘fish’ for personal information, like PHI.

You might think that you could never fall for a phishing scam, but let me tell you, it happens quite often. Let me introduce you to the star of the week, Catastrophe Cathy.

A One-way Ticket to a Breach

Cathy was scrolling through her email, and she couldn’t believe her eyes! Her boss sent her an email offering her a week’s vacation to Italy! All she had to do was claim it by clicking the link listed at the bottom of the email. She was sold! It looked real; it said it was from her boss, Bob, and it even had his email signature!

As she clicked the link, the malware began to work its nefarious magic – infecting her computer and getting access to PHI. Her dreams of seeing the Leaning Tower of Pisa came crashing down. Once she realized there was no trip, she panicked! What was she going to do?

Email Safety 101

Now, we can be like Cathy if we aren’t careful when checking our emails! Falling for these phishing scams affects over 300,000 people a year, yielding over $50 million in losses.

First, an always-good rule of thumb: If it’s too good to be true, it’s not. Sorry, or scusa (sorry in Italian), Cathy!

Next, always check who is sending the email. While it looked like it came from Bob the Boss, if she had looked at the email address, she would have seen it came from Stevethescammer@email.com! Hackers pretending to be someone else at your organization is a very common practice known as spoofing.

Lastly, if you see any odd links or attachments, never click them. Report them as spam, delete them, and, if applicable, forward them to your organization’s phishing email!

Phishing scams have also made a recent detrimental impact on healthcare. The OCR settled its first phishing cyber attack investigation, costing the Lafourche Medical Group $480,000!

Reel in Control

Now, if you find yourself falling for an email scam, the first thing you need to do is to alert your team. You might be embarrassed, but it’s brave to admit you’re wrong, ensuring others don’t fall for a similar attack, too.

The most important step right now is to disconnect your device from the internet. Think of it like putting up a “closed for business” sign. This cuts off the hackers’ access and prevents them from finding more information on your network.

Loop in your IT team or IT provider, and follow company procedures for a cyber attack. Of course, notify patients affected by the breach, and report the breach in your Abyde software and to the OCR. Also, since it is a phishing attempt, you can report it to the FTC.

To learn more about common breaches, stay tuned to our blogs and videos this week! Follow us on social media to be the first to see the latest compliance news, and if you have any questions, email us at info@abyde.com.
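
The two sender checks these posts describe (the ‘y0urboss@email.com’ lookalike and a familiar display name such as Bob’s on an unfamiliar address) can be automated by a mail team. The sketch below is an added example, not Abyde code; the staff directory, Bob’s real address, and the character-substitution table are constructed assumptions.

```python
from email.utils import parseaddr

# Constructed staff directory (assumption): display name -> real address.
STAFF = {"your boss": "yourboss@email.com", "bob": "bob@email.com"}

# Digits commonly substituted for the letters they resemble (assumed table).
LOOKALIKES = str.maketrans("0135", "oles")


def skeleton(address):
    """Lower-case an address and fold lookalike digits back to letters."""
    return address.lower().translate(LOOKALIKES)


def check_sender(from_header):
    """Return the reasons a From header looks spoofed (empty list if none)."""
    name, addr = parseaddr(from_header)
    addr = addr.lower()
    if addr in STAFF.values():
        # The header text matches a real address. Whether the message is
        # authentic is still decided by the SPF/DKIM/DMARC results.
        return []
    reasons = []
    for real in STAFF.values():
        # Same skeleton but a different string means a near-copy.
        if skeleton(addr) == skeleton(real):
            reasons.append(f"address imitates {real}")
    expected = STAFF.get(name.strip().lower())
    if expected:
        # A staff member's name attached to somebody else's address.
        reasons.append(f"display name belongs to {expected}, not {addr}")
    return reasons


if __name__ == "__main__":
    # Constructed From headers modelled on the examples in the posts.
    for header in (
        "Your Boss <y0urboss@email.com>",
        "Bob <Stevethescammer@email.com>",
        "Bob <bob@email.com>",
    ):
        print(header, "->", check_sender(header) or "no flags")
```
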