E-mail Scams: “Phishing Season” is Still Open

E-mail scams are an unfortunate fact of life. They range from annoying time and storage wasters to serious security threats. The only way you can completely avoid them is to not use e-mail at all. Even the most effective anti-spam software will allow some junk e-mails to go through, and that includes e-mail scams.


Phishing scams, where the e-mail contains a form or a link to a form that attempts to get you to enter personal and/or financial information, are also as rampant as ever. They come in every conceivable variation, with ever more sophisticated and real-looking formatting and graphics, disguised to look innocent and/or legitimate. Without careful attention, you or your surgery center could fall victim to phishing scams.

Phishing scams are usually disguised to look like they originate from legitimate companies. Many times they are easy to spot and ignore because the originator may not be someone you do business with at all. An e-mail from the Naval Federal Credit Union asking you to update your account information would be pretty easy to spot as a hoax if you don’t even have an account there. And an e-mail saying you have “won 7 billion euros in a lottery in Italy” is obviously suspicious and easy to spot and avoid.

But the more devious ones appear to originate from someone that you may indeed do business with: your medical supply company, CMS, one of your contracted insurance carriers, FedEx or your bank. They may also appear to come from your ASC itself, from the “IT department” or system administrator. They all ask you to do something that seems fairly legitimate: reset your password, verify your PIN, update your account number, etc. Sometimes the scam goes even further in its deceit, saying something about a recent security audit or system upgrade that requires you to reset your password or PIN.

Before you click on a link or open an attached form, THINK ABOUT IT.

If someone you didn’t know walked up to you on the street and said they were from your bank, and asked you to verify your bank information, including supplying your account information and PIN, you would immediately be suspicious and refuse to give it. If the person were indeed from your bank, they would already have that information and would not need you to provide it.

You should apply that same thought process to e-mails. If an e-mail appears to come from an organization that seems legitimate, before clicking on the link or opening the attachment, ask yourself if the message and the information request seem reasonable. Step back and pretend this is an ITRW (in the real world) request. Would you honor such a request if a random or unknown person delivered it to you? Does it seem like the information being requested is odd, or that the e-mail originator should already have that information?

If you have any questions about a suspicious e-mail, you should check first with your manager or supervisor, and possibly check with your IT systems administrator or HIPAA Security Officer.

Marion K. Jenkins, PhD, is founder and CEO of QSE Technologies, which provides IT consulting and implementation services for ASCs and other medical facilities nationwide. Learn more about QSE Technologies at www.qsetech.com.
