April 22, 2024 Good morning! We hope we can cheer up your Monday blues with the announcement of our new educational series, Compliance Catastrophes: real-ish world examples of nightmare scenarios! Throughout this week, we’ll be releasing blogs and videos on common breaches of Protected Health Information (PHI) in healthcare, giving you the tips you need to stay secure. We’re starting our series with one of the most common HIPAA breaches: email scams. Email scams are very prevalent, with 91% of cyberattacks beginning with a phishing email. Phishing attempts are the most common form of cybercrime, with 3.4 BILLION spam emails sent daily. Now, before we get too far, let’s clear up any misconceptions. Phishing attempts are unfortunately not a Saturday night getaway on a boat with your friends catching fish, it’s much more like casting a lure of fake urgency or importance to try and ‘fish’ for personal information, like PHI. You might think that you could never fall for a phishing scam, but let me tell you, it happens quite often. Let me introduce you to the star of the week, Catastrophe Cathy. A One-way Ticket to a Breach Cathy was scrolling through her email, and she couldn’t believe her eyes! Her boss sent her an email offering her a week’s vacation to Italy! All she had to do was claim it by clicking the link listed at the bottom of the email. She was sold! It looked real; it said it was from her boss, Bob, and it even had his email signature! As she clicked the link, the malware began to work its nefarious magic – infecting her computer and getting access to PHI. Her dreams of seeing the Leaning Tower of Pisa came crashing down. Once she realized there was no trip. She panicked! What was she going to do? Email Safety 101 Now, we can be like Cathy if we aren’t careful when checking our emails! Falling for these phishing scams affects over 300,000 people a year, yielding over $50 million in losses. First, an always good rule of thumb: If it’s too good to be true, it’s not. Sorry, or scusa (sorry in Italian) Cathy! Next, always check who is sending the email. While it looked like it came from Bob the Boss, if she looked at the email address, she would have seen it came from Stevethescammer@email.com! Hackers pretending to be someone else at your organization is a very common practice known as spoofing. Lastly, if you see any odd links or attachments, never click them, report them as spam, delete them, and, if applicable, forward them to your organization’s phishing email! Phishing scams have also made a recent detrimental impact on healthcare. The OCR settled its first phishing cyber attack investigation, costing the Lafourche Medical Group $480,000! Reel in Control Now, if you find yourself falling for an email scam, the first thing you need to do is to alert your team. You might be embarrassed, but it’s brave to admit you’re wrong, ensuring others don’t fall for a similar attack, too. The most important step right now is to disconnect your device from the internet. Think of it like putting up a “closed for business” sign. This cuts off the hackers’ access and prevents them from finding more information on your network. Loop in your IT team or IT provider, and follow company procedures for a cyber attack. Of course, notify patients affected by the breach, and report the breach in your Abyde software and to the OCR. Also, since it is a phishing attempt, you can report it to the FTC. To learn more about common breaches, stay tuned to our blogs and videos this week! Follow us on social media to be the first to see the latest compliance news, and if you have any questions, email us at info@abyde.com.