Phishing attacks – through email or phone – are becoming more common by the day and your clinic could be the next victim. Phishing involves sending emails or calling users and attempting to trick them into revealing personal information through social engineering tactics. Criminals may pose as representatives of a financial institution, utility company or any other large corporation.
Phishing scams are relatively quick and easy for criminals to set up. They don’t require expensive technology or human resources. The payoff can be immense – whether in terms of gaining access to IT systems, stealing data or getting users to pay up to hundreds of dollars in fake bills or IRS audits.
Are You Vulnerable to Phishing Attacks?
Almost any business can fall victim to a phishing attack. That’s because these types of scams attack the weakest link in your security chain – people. Sophisticated tools like firewalls or antivirus software cannot help in a phishing attack if your employee willingly reveals the password or pays money to a fraudulent entity.
Imagine the consequences if your EDR software is compromised. Criminals can steal your patient data, medical records, confidential financial information, and so much more. You might even end up violating HIPAA provisions for such breaches. Losing access to the Facebook page for your business might not seem catastrophic until you see inappropriate posts pop up!
Another common phishing scam involves unpaid utility bills or IRS fines. Someone calls up your front desk pretending to be a representative of the power, water, or gas company and asks the receptionist to pay past bills. At best, your office is thrown into disarray as someone looks up payment records to make sure you are not behind. At worst, an employee might make the payment only for you to discover later on that it was a fraudulent attempt.
As a dental clinic, your office is vulnerable because you don’t want to lose power in the middle of complex procedures. It will inhibit your ability to care for your patients. A variation on this type of scam is for the criminal to pretend that your office owes back taxes or other fines to the IRS. Some business owners end up paying because they fear an audit or because they can’t find the relevant paperwork.
How to Protect Your Office against Phishing
Since criminals target the weakest link in the security chain, you should work on making it stronger. Training and awareness will go a long way in making sure that your employees don’t make costly mistakes. Security training programs should cover basic tips like the following:
- Always ask for ID and verification before giving out information or making payments
- If you suspect a scam, hang up and call the company directly
- No company or government agency will ever ask for your password over the phone
- Never make payments through prepaid cards or other unorthodox methods
- Speak to a supervisor or boss if you’re unsure how to respond
Criminals change their strategies all the time. It is up to you and your team to read up on the latest security and privacy threats. Being prepared is half the battle. Create a security policy and outline the steps to take in these situations. If one of your team members falls for such a scam, immediately change the passwords (or other compromised data). Call your bank and stop payment on checks or credit cards as soon as possible. You can also contact local law enforcement authorities for help. Don’t fall into the trap of looking for someone to blame. The important thing is to recover from the mistake and make sure it doesn’t happen again!