Fraud Alert: Beware of Tax Related Scams
Healthcare professionals are gatekeepers to a variety of confidential information about their patients and the businesses that they work for, and for this reason, they are a highly coveted target by cybercriminals.
Being on guard and alert all year is critical when you are overseeing the Protected Health Information (PHI) of your patients. Be aware, you may think that you are simply confirming a social security number or address from a tax professional or email link for tax purposes, but you may be providing the final piece of a puzzle in compromising an individual’s identity.
Like scams that are directed to shoppers on Black Friday, you must be on high alert during this tax season. Yes, you are possibly violating HIPAA, but you could also be breaking the rules of a strong cybersecurity program that protects you, your business, and your patient information.
How Do Hackers Do Their Work?
The list of cybercrime tactics is always evolving, changing, and unfortunately growing. So, providing a complete list is something that no one could confidently do. However, you should be suspicious of emails or phone calls that request patient information or confirm information that the caller or emailer provides. They may say that they are looking to provide you with updated information for your records or include links for you to click on and update information. You may receive emails that request details about patients or even your business that is confidential. These can include name address and telephone number, but they may also be for banking or login credentials.
And while these messages appear to be legitimate, they may be an imposter that has very cleverly disguised their email address or phone number to appear identical to a legitimate contact. A business email compromise (BEC) attack is a spoof of a high-level executive request, and they are successful because the recipient will act in haste from a place of trust, or even fear, of not doing their job.
Remember to always pause before reacting when it comes to providing patient information. If you aren’t sure, ask for a callback number or contact your patient directly with questions. Taking a moment to double-check can save you years of regret.
This article was originally published on HIPAA Secure Now! and is republished here with permission.