The following is written by Marion K. Jenkins, PhD, FHIMSS, founder and CEO of QSE Technologies.
We have addressed the risks of social networking a few other times. Social networking, including blogs, Facebook, Twitter, etc., can be a useful way to help market your ambulatory surgery center. However, like every other good thing in technology — "always-on" broadband internet connections, inexpensive but high-capacity portable storage media, lightweight laptops with massive hard drives, etc. — it has a downside.
There is nothing inherently wrong with social networking sites, but they can be used in new and creative ways to compromise your ASC's systems.
Some recent scams that are largely perpetrated through Facebook take advantage of several dynamics of human behavior:
1. Many people implicitly trust legitimate-looking e-mails that appear to come from an official source, and behave completely irrationally. If an e-mail contains certain official-sounding phraseology, sometimes users will lower their guard and behave online in a way that would be completely unheard of ITRW (In The Real World). As an example, if a man walked up to you on the street, pulled out some official-looking Chase Bank identification card and asked you for your Chase account info, you wouldn't give the info to him. But people fall for the online version of that trick all the time, without thinking about the fact that Chase should already have their info.
2. People trust stuff from their friends. Between e-mail traffic and instant messenger and online postings on social network sites, we are barraged with messages that begin, "Hey, check this out…this is cool." Our guard is definitely lowered when we get a message like this that seems like it comes from a close friend, especially if it looks like it might contain a cute cat video or some clever new cartoon.
3. We love free stuff and "deals." E-mail scams still abound where the "payload" or hook is some form of free stuff, whether it's a free trip to Puerto Rico or a free stuffed animal.
4. Social networking has only gained widespread use in the last few years, with some people only embracing it in the last several months. So users are still somewhat in rookie mode, which makes them susceptible to scams that would probably no longer work via e-mail.
Putting all of this together, a recent scam involving a "free" iPad has ramped up into high gear on Facebook. Somehow a nefarious character gets hold of someone's Facebook account and posts something like, "Hey I can't believe it, I actually got a free iPad to test out and keep. They are only giving away a limited supply, so I'm showing you this. There are still giving them away from the new years overstock! I absolutely LOVE the iPad."
The post looks legitimate, and hey, it came from a friend, and who wouldn't like a free iPad, especially to just "test"?
If you follow the link, you will be asked to enter information that could lead to identity theft, a compromise of your ASC's IT systems, or both. Don't fall for it.
You should constantly evaluate your online behavior and ask yourself the question: Does this seem legitimate? Did this message actually originate from the friend it purports to be? If this interchange were happening ITRW, would I be going through with it? And if you suspect you have been a victim of an online scam, you should change your passwords and possibly your user name. If the episode involved the ASC's systems in any way, you should also contact your HIPAA Security officer.
Marion K. Jenkins, PhD, FHIMSS, is founder and CEO of QSE Technologies, which provides IT consulting and implementation services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.