
SBGM

Knowledge to Transform Your Medical Practice

The Perils of Phishing—Hook, Line, and Sinker

By Paul Cox


Phishing is a type of cyberattack using email to trick someone into divulging personal information, including passwords. Health care phishing is growing because of the value of health care data coupled with the fact that everyone in a medical practice has an email and can be a target. 

In a phish, the attacker masquerades as a reputable entity or person, via email or other communication channels, and asks for valuable information (eg, credentials, usernames, passwords, and even social security numbers). To make matters worse, phishers often present the request as an urgent need for the targeted user to protect themselves by sharing this information. Alternatively, a phisher may ask the user to click a link, which then downloads and installs malware.

Social Media Is Often Used 

Phishers often use social media networks (eg, Facebook, Twitter, and LinkedIn) to find information about a practice’s employees, including personal and work history, interests, friends, education, organizations, and activities. With this information, the phishers can craft very believable emails targeted to specific employees in the practice. 

Sometimes, attackers launch spear-phishing attacks against physicians or the practice manager. If they can penetrate the network, the attackers can lay low for months collecting data on email flows. Once they have enough information, they pose as a physician or practice manager to carry out their attack.


Awareness Helps You Protect Yourself

Although steps can be taken (see our Cybersecurity Guide), there is no single answer to stop or prevent phishing. The first line of defense is educating everyone in the practice on how to recognize phishing. Here are several clues.

  • The sender uses a Gmail or other public email address rather than a corporate email address
  • The message is written to invoke fear or a sense of urgency
  • The email asks you to confirm personal information such as social security number or credit card number
  • An email that appears to be from Amazon, FedEx, or UPS about a package delivery that you are not expecting
  • The message includes a request to verify personal information, such as financial details or a password
  • The message is poorly written and has spelling and grammatical errors
  • There is a suspicious and unexpected attachment from someone out of the blue
  • The email address does not look genuine: it has subdomains, misspelled URLs, variations of well-known URLs, or otherwise suspicious URLs
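
Several of these clues can also be checked automatically at the mail gateway or in a reporting mailbox. The following is an added example, not part of the original article: it parses one message and reports which clues it shows. The domain lists, keyword patterns, 0.8 similarity threshold, and sample message are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from email import message_from_string
from email.utils import parseaddr

# Illustrative sample lists (assumptions, not a complete ruleset).
FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}
BRANDS = ("amazon.com", "fedex.com", "ups.com")
URGENCY = re.compile(r"\b(urgent|immediately|act now|within 24 hours)\b", re.I)
PERSONAL = re.compile(r"\b(social security|credit card|password|verify your)\b", re.I)
URL_HOST = re.compile(r"https?://([^/\s:>\"']+)", re.I)

def imitated_brand(host):
    """Return the brand domain a host appears to imitate, or None."""
    labels = host.lower().rstrip(".").split(".")
    domain = ".".join(labels[-2:])  # naive: treat the last two labels as the domain
    if domain in BRANDS:
        return None  # the real domain, or a subdomain of it
    for brand in BRANDS:
        name = brand.split(".")[0]
        # Brand name used as a label of an unrelated domain,
        # or a near-miss spelling of the brand's domain.
        if name in labels or SequenceMatcher(None, domain, brand).ratio() >= 0.8:
            return brand
    return None

def find_clues(raw):
    """Return the clues from the list above that a raw email message shows."""
    msg = message_from_string(raw)
    _, addr = parseaddr(msg.get("From", ""))
    body = msg.get_payload()  # plain single-part message assumed
    clues = []
    if addr.rpartition("@")[2].lower() in FREEMAIL:
        clues.append("public-email-sender")
    if URGENCY.search(body):
        clues.append("urgency")
    if PERSONAL.search(body):
        clues.append("asks-personal-info")
    for host in URL_HOST.findall(body):
        brand = imitated_brand(host)
        if brand:
            clues.append(f"lookalike-url:{host}->{brand}")
    return clues

# Constructed sample message, not a real phish.
SAMPLE = (
    'From: "FedEx Delivery" <fedex.notices@gmail.com>\n'
    "Subject: Package on hold\n\n"
    "Act now: verify your password within 24 hours at\n"
    "http://fedex.delivery-update.example/track\n"
)

if __name__ == "__main__":
    print(find_clues(SAMPLE))
```

Similarity matching also flags legitimate domains that happen to resemble a listed brand, so a hit is a reason to look closer, not proof of phishing.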

If you are ever uncertain about an email, ask a coworker what they think about it. It is better to take a few minutes to make sure the email is legitimate. In addition to the tools in our Cybersecurity Guide, antispyware software and anti-phishing toolbars that can be installed in web browsers can be helpful in preventing phishing.

There are also several internet resources that provide help in combating phishing. The Anti-Phishing Working Group and the US federal government’s OnGuardOnline.gov website provide advice on spotting, avoiding, and reporting phishing. Interactive security awareness training aids, such as Wombat Security Technologies’ Anti-Phishing Training Suite or CoDefense, can help teach employees to avoid phishing. Sites like FraudWatch International and MillerSmiles publish the latest phishing email subject lines circulating on the internet.

Protecting your practice from phishing (along with other cyberthreats) is a complicated and full-time job beyond the capabilities of most practices. Although there are cybersecurity tasks that can be handled within the practice (eg, training and setting up a security plan), hiring an outside IT firm to manage your network security is well worth the money in the long run. 

To learn more about Cybersecurity and Using Health Care IT, join us on Facebook, Twitter, and LinkedIn. 

Cybersecurity Guide Available to Members of Smart Business Great Medicine.


JNP Enterprises © 2025 ·