How Strong is Your CyberSecurity?

Protected health information is worth 50x more than credit card information on the black market. Criminals use this information for identity theft and insurance fraud. The health care industry is a target because the profits are so high and the problem is increasing.

The HIPAA E-Tool (@HIPAAETool) is here to guide you with how cybercrime affects your business. HIPAA regulations have long required that covered entities have a secure online presence – but what does that mean?  The HIPAA E-Tool provides policies, education and training you and your workforce need.

The cybercrime tactic known as “Phishing” is recognized as one of the most dangerous threats to the confidentiality, integrity and availability of electronic protected health information. Phishing attacks likely caused the Anthem breach of unsecured protected health information that affected 78,800,000 individuals that was reported to the U.S. Department of Health and Human Services on March 13, 2015. Phishing attacks are aimed at unsuspecting employees and try to trick them into clicking on a link or opening an email attachment that allows malicious software to invade an organization’s information system. Security software is hard pressed to keep up with the rapid development of new and different types of malicious software. The best defense against phishing attacks is for each of us to be alert and trained to recognize phishing attacks and not fall victim to them.

Here are some tips from the Breach Prevention Lesson Plan on Phishing Attacks (SR-13.T) found within The HIPAA E-Tool:

1.   Do Not Click on any Link in an Email without Examining It

The Microsoft Safety and Security Center gives this advice:

If you see a link in a suspicious email message, don’t click on it. Rest your mouse (but don’t click) on the link to see if the address matches the link that was typed in the message. In the example below the link reveals the real web address, as shown in the box with the yellow background. The string of cryptic numbers looks nothing like the company’s web address.

2.     Preserve Evidence of Suspected Phishing, if feasible

When a Workforce Member suspects a Phishing attack he or she should note the details by writing down the fraudulent characteristics or making a screen shot so an accurate report may be made and shared with appropriate management and other Workforce Members.

3.   Report Suspected Phishing Attacks Immediately

Workforce Members should know to whom they should report suspected Phishing attacks and the person’s contact information. Reports should be made immediately.

We know cybercrime is increasing, so take the time now to learn more and reduce the chance you become a victim next month or next year. 


The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Maggie Hales

Maggie Hales is a lawyer focusing on health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2022 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

Terms of Service | Privacy Policy

Mailing Address
The HIPAA E-Tool
PO Box 179104
St. Louis, MO 63117-9104

8820 Ladue Road Suite 200
St. Louis, MO 63124

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free