Disclaimer: The following is an actual transcript. We do our best to make sure the transcript is as accurate as possible, however, it may contain spelling or grammatical errors. We suggest you watch the video while reading the transcript.
Hey everybody. Good morning, good afternoon, whatever it may be for you. This is Dr. Perry Barnhill with the Fearless Chiropractor. I wanna give a big thanks to ChiroSecure for sponsoring this show on social engineering and how it may affect your practice. Go to slides. Again, big thanks to ChiroSecure for sponsoring the show on social engineering.
Okay, so if you’ve heard some of the shows we’ve done in the past, we’ve talked about how you need to plan, prepare, and protect yourself and your offices when it comes to HIPAA and the things that may cause problems. So let’s get into this. Myself again, Dr. Perry Barnhill, and Dr. Julie McLaughlin. Why do we teach HIPAA?
We understand what it’s like to be in practice ’cause we’re chiropractors just like you. But we also get to see through a different set of lenses, meaning we are compliance officers and we teach HIPAA and we know what’s going on out there in the world of HIPAA and what happens if there’s a breach, which is something we don’t want to happen, which is exactly why we are doing this show.
Okay, so as everybody’s jumping on here, go ahead and scan the QR code here and take a quiz. See where you’re at in the world of HIPAA. Many people think they’re HIPAA compliant. They have a notice of patient privacy policy. They have patients fill out a few forms and they think they are good to go.
That’s not the case. You need much more than that. So we’ve developed this little quiz. It’s quick, it’s easy, it’s fun. Scan the QR code and then it’ll give you a grade. If you are anything but an A, you definitely need to get caught up on some things. You may need a lot of help. You may need a little bit of help.
Take the quiz, check it out, and see where you are. So let’s jump into this. What is social engineering and how does it work? Social engineering is a form of psychological manipulation that tricks users, us chiropractors, and our staff into making mistakes and giving away sensitive information. And when I say sensitive information, I’m talking about patient information, or what we refer to as PHI, protected health information.
It relies on human error instead of vulnerabilities in the software and operating systems, by exploiting human emotions. So here’s some examples. You get an email and it says it was sent by a quote unquote friend, or a message relaying a troubling story about someone you may know, a message saying that time is running out, and sometimes messages that seem too good to be true.
Or messages that offer help that you’ve never requested. These are all emails, even texts, that we can get, and you gotta be extremely cautious about responding to them, ’cause if we respond to the wrong one, they could breach our systems and get in and steal the PHI, which is a big problem and creates massive stress.
So, impacts to healthcare. You’ve probably heard this, you’ve probably read it before. It is huge. It’s in the millions of dollars. And the thing is that hacking was responsible for 75% of all the incidents in 2022. They include phishing, email attachments, and ransomware and malware incidents. 80% of all breached patient records in 2022 were caused by hacking.
So this is a big deal, and check this out. This is why the hackers and the cyber criminals are chasing after us as healthcare providers and staff: because they can sell a single medical record for up to 250 bucks. These guys make a ton of money being correct, stealing this information, which in turn puts us in a very compromising situation with HIPAA.
So here’s some common clues in social engineering I want you to be aware of. They trick you into revealing information. They can install malware on your computers. And again, like I said earlier, it relies on human error. So mistakes that we make, mistakes that our staff makes, instead of vulnerabilities in software and our operating systems.
So let’s take a quick little quiz here. Okay. Hackers like to use social engineering techniques to trick you into making a security mistake. They do this by adding these words or phrases to a message. Select the answer from the list below. Is it A sending a message with a sense of urgency? B, including wording that says, quick time is running out.
C, mention an illness of a family member or friend, or how about D? All the above. Okay, so I bet you get this one correctly. It’s D. It’s all of the above. They use terminology such as urgency and references to family or friends. They’re all attempts to trick you, so you really gotta be cautious of this.
Make sure you talk to your staff about these things so they’re keenly aware of what could potentially happen. So the most common form of social engineering, you may have heard of this one before, most of you have, is called phishing. It’s a form of social engineering that uses email or malicious websites to solicit personal information by posing as a trustworthy organization.
So how about this one? Spear phishing. This is also a form of social engineering that targets a narrower audience, hence the spear. These attacks are more coordinated, and some examples of this are SMS or text messages. They’re shooting these things through our phones, and our staff, and us as doctors of chiropractic, become very vulnerable if we’re not aware of it and we click the wrong links.
Here’s some examples, and you may have gotten these things before in your email, or sometimes your texts will say, Hey, your bank account is locked, and they want you to respond to this. Or a message claiming to be one of your credit cards, like American Express: Hey, there’s suspicious activity.
Now that may be correct. It may not be correct. What I’m saying is that you really need to be cautious and make 100% sure whether it’s a legitimate sender or not. Or how about this one? You won a prize, click here to get it, and then boom, they attack you. Number four. It must be a fake, but it’s also a funny attack, so be careful there.
Sometimes things are funny and they get you to click on them. Number five, an unusual activity message that says you need to click to secure your data. So these are all things that you really need to talk to your staff about so they don’t fall vulnerable or victim to these things. This chart right here, these squares here, is something that you literally should train your staff on.
It’s recognizing and reporting phish. In fact, you should even take a screenshot of it and talk to your staff about this, because if we can prevent these things from happening, then we’re okay. It’s all about prevention. But once they happen and you have a breach, guess what? You’re calling up HIPAA, you’re calling up the OCR, the Office of Civil Rights, which are basically the HIPAA police, and you have to report it, and you don’t wanna be in that position.
So here’s a few things to check for when you suspect that an email might be a phishing attempt. I’m not gonna read through every bullet point, but I just wanna bring up the main topics. The sender is unfamiliar. It’s unexpected or the message doesn’t look right, it just doesn’t read right. Check the from address part, make sure it’s legitimate.
A lot of times there’ll be things sent to our email or even texts, and you can see the address up there and it looks really bizarre. It looks really weird. If that’s the case, it probably is, and don’t respond to it. Inspect all links and attachments. Kinda like I said, hover over the reply part and see what it says, but don’t click on it.
So this alone could serve as a training for your staff to give to them to help prevent this from happening in the first place. Here’s a checklist too. You can go check your cyber pulse, as we like to call it. Don’t recognize a sender. And I know I’m reiterating a few things here, but if you know these things, you’ll be so much better protected. Not expecting an attachment or email.
The from address that I talked about. Urgency, they’re invoking a sense of urgency. Is it a standard internal procedure for IT issues? How about this? Is the website secure? Is this email asking you for login credentials? The bad grammar, the spelling, it just doesn’t phrase right. It doesn’t read right.
The greeting, the signature generic or it lacks contact information. These are huge things that you need to be aware of, again, in order to help prevent these things from happening. And if they do happen, again, you gotta report them, and that’s a whole area you don’t want to go down if you’re not prepared and if you’re not compliant, ’cause then you get yourself in some big trouble. If you are, you’re much better off.
So that leads me to some of the next steps. If you have questions for us regarding HIPAA, we’re more than happy to talk to you about these things. You can contact us. You can contact me at Dr. perry@betterHIPAAblueprint.com. You can also contact Julie at the same, Dr. julie@betterHIPAAblueprint.com.
Or you can just go to the website here. You can check it out. If you’re ready to rock and roll, click on the links and it’ll take you to our program. You can schedule a demo. Some people would rather schedule a demo first and just go through it. I’ll show you what’s on there. Go to the demo here at go.fearlessprovider.com/demo or simply scan the QR code.
In the meantime, I want everybody to have an amazing day. Make sure you watch the show. Make sure you share some of those tips with your staff. Awesome. Again, have an amazing day and we’ll talk to you later.
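The phishing checklist the show walks through (unfamiliar sender, from address that doesn’t match the name, urgency wording, a request for login credentials, a generic greeting, and hovering over a link to see where it really goes) can be turned into a triage script that staff or an IT helper can run over a saved message. The code below is an added example written for this page; it is not code from the show, from ChiroSecure, or from the Better HIPAA Blueprint program. The known-sender list, the phrase lists and both sample messages are constructed for the demo; the addresses and the IP in them are placeholders.

```python
"""Phishing-indicator triage for a raw email message (added example, not the show's code).

Checks the clues listed in the transcript: sender domain not on the known list,
display name impersonating a known brand, Reply-To pointing somewhere else,
urgency wording, a request to log in, a generic greeting, and links whose visible
text claims one site while the href goes to another (or to a bare IP address).
"""
import re
from email import message_from_bytes, policy
from urllib.parse import urlparse

# Constructed allow-list: domains this office actually exchanges mail with.
KNOWN_SENDER_DOMAINS = {"americanexpress.com", "chirosecure.com"}

# Constructed phrase lists, matched case-insensitively against subject/body text.
URGENCY_PHRASES = ("urgent", "immediately", "time is running out",
                   "within 24 hours", "has been locked", "will be suspended")
CREDENTIAL_PHRASES = ("log in", "login", "sign in", "password", "verify your account")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued", "dear member")

ANCHOR_RE = re.compile(r'<a\s[^>]*?href=["\']([^"\']+)["\'][^>]*>(.*?)</a>', re.I | re.S)
URL_RE = re.compile(r'https?://[^\s<"\']+', re.I)
IP_HOST_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def first_address(msg, header_name):
    """First parsed mailbox of an address header, or None if absent/unparseable."""
    hdr = msg.get(header_name)
    addresses = getattr(hdr, "addresses", ()) if hdr is not None else ()
    return addresses[0] if addresses else None


def link_host(url):
    return (urlparse(url).hostname or "").lower()


def check_email(raw):
    """Return a list of indicator strings for one RFC 5322 message (empty = no clues)."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    sender = first_address(msg, "From")
    from_dom = sender.domain.lower() if sender else ""
    if from_dom not in KNOWN_SENDER_DOMAINS:
        findings.append(f"UNKNOWN_SENDER: {from_dom or '(no From)'} not on the known-sender list")

    # Display name borrowing a known brand while the address lives elsewhere.
    name_label = re.sub(r"[^a-z0-9]", "", sender.display_name.lower()) if sender else ""
    for known in KNOWN_SENDER_DOMAINS:
        if name_label and name_label == known.split(".")[0] and from_dom != known:
            findings.append(f"BRAND_MISMATCH: name '{sender.display_name}' but domain {from_dom}")

    reply_to = first_address(msg, "Reply-To")
    if reply_to and reply_to.domain.lower() != from_dom:
        findings.append(f"REPLY_TO_DIFFERS: replies go to {reply_to.domain.lower()}, not {from_dom}")

    body_part = msg.get_body(preferencelist=("html", "plain"))
    body = body_part.get_content() if body_part else ""
    text = " ".join(re.sub(r"<[^>]+>", " ", body).lower().split())  # crude tag strip
    subject = str(msg.get("Subject", "")).lower()

    for phrase in URGENCY_PHRASES:
        if phrase in text or phrase in subject:
            findings.append(f"URGENCY: '{phrase}'")
    for phrase in CREDENTIAL_PHRASES:
        if phrase in text:
            findings.append(f"CREDENTIAL_REQUEST: '{phrase}'")
    for greeting in GENERIC_GREETINGS:
        if greeting in text:
            findings.append(f"GENERIC_GREETING: '{greeting}'")

    # The "hover over the link" check done programmatically.
    for href, anchor_text in ANCHOR_RE.findall(body):
        target = link_host(href)
        shown = URL_RE.search(anchor_text)
        if shown and link_host(shown.group(0)) != target:
            findings.append(f"LINK_MISMATCH: shows {link_host(shown.group(0))} but goes to {target}")
        if IP_HOST_RE.match(target):
            findings.append(f"IP_LINK: link target is a raw IP address {target}")
    return findings


# Constructed sample: a credit-card "suspicious activity" lure like the one described.
SAMPLE_PHISH = b"""From: "American Express" <alerts@arnericanexpress-secure.com>
Reply-To: help@mail-verify.example
To: frontdesk@clinic.example
Subject: Suspicious activity - action required
Content-Type: text/html; charset=utf-8

<html><body><p>Dear Customer,</p>
<p>We detected suspicious activity. Your card has been locked. Log in within 24 hours to verify your account:</p>
<p><a href="http://198.51.100.7/amex/login">https://www.americanexpress.com/account</a></p>
</body></html>
"""

# Constructed sample: an expected, plainly worded message from a known sender.
SAMPLE_LEGIT = b"""From: "ChiroSecure Claims" <claims@chirosecure.com>
To: frontdesk@clinic.example
Subject: Renewal summary you requested
Content-Type: text/plain; charset=utf-8

Hi Dr. Barnhill, here is the renewal summary you asked for on our call today. Thanks, Claims Team
"""

if __name__ == "__main__":
    for label, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, check_email(sample) or "no indicators")
```

Run it as a script to print the indicators for both samples. A message that trips several independent checks (sender, link target and urgency together) is the one to report rather than reply to; a single hit such as one urgency word on its own is a prompt to verify the sender out of band, not proof of an attack.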