beware of phishing emails

phishing scams The Federal Trade Commission (FTC) Bureau of Consumer Protection released a study this month (March 2017) indicating that business entities could be doing more to stop malicious emails from hitting the inboxes of employees. The goal behind many malicious emails is to trick individuals into turning over either their own confidential, personal information or confidential business information to which the individual has access due to his or her job responsibilities. Cyber criminals use social media sites such as LinkedIn, an entity’s own website, Internet search engines and other public resources to identify individuals with likely access to valuable information. The attacker uses such information to compose an email that spoofs an otherwise legitimate sender, such as a bank, mortgage company, Internet service provider (e.g., AT&T, Verizon, Spectrum, etc.), a business partner or even another employee. These malicious emails are commonly referred to as “phishing email” or “spoof email”.

The FTC’s report, titled Businesses Can Help Stop Phishing and Protect their Brands Using Email Authentication (Report), states that many businesses are not taking advantage of Continue reading →

The Department of Health and Human Services’s Office for Civil Rights (OCR) announced last week that it has launched Phase 2 of its HIPAA Audit Program. Under this Audit Program, OCR will review whether entities subject to the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Data Breach Notification regulations are complying with those regulations. OCR has already begun to send initial emails to “covered entities” and “business associates” (defined in the HIPAA regulations) regarding the audits that seek to verify contact information.

Tip: These emails may be incorrectly classified as spam by corporate or email filters. OCR expects covered entities and business associates to check spam and junk email folders for emails from OCR.

Warning: Sophisticated cybercriminals could use the OCR audits as an opportunity to send fake OCR emails (“phishing emails”) in an attempt to trick employees into turning over individual health information or to click on links that download harmful malware into the organization’s computer network. Do not click on links or supply any documentation until Continue reading →

Wyatt HiTech Law Blog

A legal blog about consumer and business data privacy and security in a high tech world

FTC study identifies email tools businesses can use to screen out spoof email

New HIPAA Auditing Process Begins – Are You Ready?