Phishing Attackers Now Have New Target: Medical Schools

UNC-Chapen Hill School of Medicine, located within the University of North Carolina, recently reported a potential month-long phishing attack, which potentially breached the protected health information of over 3,700 patients. Their communication,  made on their website on November 12, 2019, confirmed that unauthorized third parties had gained access to "several email accounts" from May to June, 2018.

Within the emails was personal information regarding treatments received, as well as important identity-related information, including their names and dates of birth, addresses, health insurance numbers, social security numbers, bank account numbers and credit card details. UNC offered those affected free credit monitoring and identity protection services as a way to reduce possible damage, assuring the public that it had implemented multi-factor authentication systems to boost email security. UNC has also vowed to train staff on ways to  recognize and stop phishing.


UNC Is Not Alone
A similar communication was made recently by Connecticut-based healthcare group Starling Physicians, who were victims of a phishing attack on February 8, 2019. Three email accounts were involved, all of which also contained vital information - including social security numbers, dates of birth, and names. Similar efforts were made to aid affected patients. This type of information is highly valuable on the black market, since it contains the information required to commit identity fraud. This crime is becoming increasingly more common thanks to the proliferation of phishing attacks.

Currently, almost 60 million Americans have been  affected by identity theft, according to information gathered in 2018 by The Harris Poll. One worrisome fact is that organizations are nearly always unaware that a phishing attack has taken place until enough time has passed for attackers to utilize information. As seen above, months passed before victims were aware that their data had been breached. It is therefore logical for individuals to take matters into their own hands. They can start out by doing research and comparing the level of protection offered by different entities. Some sites offer cost and service comparisons, which can make the process easier. Detailed information on the  best identity theft protection on Crediful.com is a good place to begin.


How Does Identity Protection Work?
Identity protection ranges in strength and quality, though one of the key services that can stop identity theft in its tracks is the close monitoring of social security numbers. Thanks to the rapidity of artificial intelligence, billions of documents can be scanned (including public records) to determine if your number has been used suspiciously. Additional measures should include scouring the dark web and checking all police records. To hone in on financial safety, measures should be taken to monitor credit reports periodically to ensure no undue transactions have been made in one's name.

Data protection can include receiving monthly credit reports from major credit bureaus so that financial threats can be immediately spotted and stopped. Even the most comprehensive of data theft policies are under around $30, making them a worthy investment in this day and age of vast provision and sharing of personal data.

The two recent hacking cases mentioned above make patent the fact that medical schools and clinics are at a risk of identity theft, since sensitive information can be contained in emails, digital patient forms, and other digital records. Fighting this type of fraud should begin with hospitals, medical schools, and other patient-centered institutions. All  patient data should be encrypted, and hardware should be required to access patients' data.

Adopting a bring your own device policy can help prevent internal data breaches, as can scrutinizing medical documents to be moved to the cloud, providing staff with continuous education regarding patient privacy, and conducting risk assessments of computer systems used in healthcare institutions. Individuals, too, can guard themselves against identity theft by taking the precautions required to stay abreast of any suspicious activity with respect to their identity or financial information.