By 2024, phishing attacks should be known by our entire healthcare industry. Criminals have pivoted their bad behavior to this exploitable tactic. This is not news. However, some out there may not realize the extent that businesses are supporting crime.
There are tools out there, including artificial intelligence (AI) services that generate phishing attack emails - for a subscription. I received two identical emails just this morning that were worded identically and believe they were AI generated. Platforms like FraudGPT offer these subscriptions starting at a couple hundred dollars per month. Think for a moment how inexpensive this is for someone who wants to commit fraud or other illegal activity with YOUR patients' ePHI.
HHS has published a whitepaper titled "AI-Augmented Phishing and the Threat to the Health Sector" and you may wish to give it a read; it's linked in the graphic below. More importantly, we emphatically recommend phishing services from someone. Training your workforce is one of the best security controls that you can deploy. Contact us if you need help understanding phishing services; we won't try to sell you a thing.
Stay (HIPAA) safe,