Q&A: Protecting against vishing attacks

August 6, 2020
Medicare Web

Q: I have read recently about the uptick in “vishing,” or voicemail messaging scams, targeting remote healthcare workers. What are your recommendations for protecting against this type of threat?

A: First and foremost, training. As with phishing, workers need to be aware of other types of social media exploits like vishing. It can take the form of voicemail, text messages, or phone calls, as well as email and the internet.

It’s a good idea to train workers on what they can do to spot vishing. Another safeguard you can implement is instructing workers not to call the vishing attacker back on a different phone than the one that the attacker called or left a voice message for. In addition, let workers know that they should look up another number for the caller that can be authenticated and call that number instead of the one given by the attacker. That way you can validate whether the original call was a vishing attempt.

Editor’s note: Chris Apgar is president of Apgar & Associates, LLC, in Portland, Oregon. He is also a BOH editorial advisory board member. This information does not constitute legal advice. Consult legal counsel for answers to specific privacy and security questions. Opinions expressed are those of the author and do not represent HCPro or ACDIS.

Related Topics: 
Ask the Expert, HIPAA