Phishing continues to be one of the methods attackers use most often to gain unauthorized access to health care organizations.
The recent cyber-attacks on the health care industry reveal the devastating impact phishing attacks (particularly those that lead to ransomware) can have on a health organization and its entire staff.
As a health organization it is imperative that we remain vigilant and be familiar with phishing attacks.
Some phishing tactics to familiarize yourself with:
- Social Engineering: This could involve posing as a trusted individual, such as a colleague, IT support technician or vendor and requesting login credentials or other confidential data.
- Email Spoofing: Attackers spoof email addresses to make their messages appear as if they are coming from a legitimate source, such as a trusted vendor, colleague, or financial institution.
- Fake Websites: Attackers often create fake websites that mimic the appearance of legitimate sites, such as healthcare portals, email login pages, or e-commerce platforms. They lure victims to these sites through emails with links.
- Attachment-Based Phishing: Phishers may send emails with malicious attachments, such as infected PDFs or Word documents, or documents containing links to click; opening the attachment or following the link compromises the recipient’s device.
- Urgency and Fear: Phishing emails often create a sense of urgency or fear to prompt recipients to take immediate action. This could involve threats of account suspension, legal action, or financial loss if the recipient doesn’t comply with the attacker’s instructions.
- Spear Phishing: Spear phishing involves targeting specific individuals or organizations with highly tailored phishing emails. Attackers research their targets to craft convincing messages that are more likely to succeed in tricking the recipient.
- Emails with QR Codes: A common tactic being used in recent phishing attacks is the use of QR codes that, when scanned, redirect you to a malicious website asking for your username and password. Always treat these with extra caution even if the sender is a known contact. There have been many cases of trusted, external contacts that have been compromised and then their email is used to send these phishing emails containing QR codes.
- Multi-Factor Authentication (MFA) prompts: If an attacker has acquired your credentials and attempts to log in where MFA is required, a sign-in prompt or text (depending on your setup) will appear on your MFA-enrolled device. If you receive an MFA prompt for a sign-in you did not initiate, do not approve it. Contact the Help Desk at 615-343-HELP (3-4357) for assistance with resetting your password and to notify the VUMC IT Security Operations Incident Response team of the activity.
If the situation “just doesn’t seem right,” workforce members should follow their suspicions, consult a fellow staff member or manager for a second opinion, and/or call the Help Desk at 615-343-HELP (3-4357) and send the email to the VUMC IT Security Operations Incident Response team at phishing@vumc.org and ask them to verify it for you.
To protect against phishing attacks, individuals should remain vigilant, verify the authenticity of emails and websites, and avoid clicking on suspicious links or attachments.
It is because of your continued vigilance that we have decreased the number of successful attacks on our Medical Center.