Hopefully very few us have fallen victim to a phishing scam, but we’ve come across these scams or heard about them in the media. Fortunately, because of this awareness, less than 1% of customers are being foiled by these nefarious attempts, according to a recent report that focused on customers of major US and European banks. However, of those who were lured to these phishing sites, 45% entered in their personal information that resulted in up to $9.4 million in losses.

Phishing attacks are on the rise.  According to a Panda Security investigation, scammers are creating 57,000 fake websites a week to falsely represent 375 popular brand names. As you can imagine, this large volume of phishing scams has serious implications for businesses as they strive to shield sensitive data from data breach and protect their customers from misrepresentations of their business.

A recent study by SpamTitan found that 75% of IT managers responded that the biggest source of phishing attempts for business users is email spam. An employee may receive an email that appears to be from a legitimate source requesting personal or sensitive business information.  When the employee clicks the link, that action may trigger the download of malware that could access or destroy sensitive data.  As phishing attacks present a clear danger to businesses, it is very important that company leadership establishes and implements strict network security measures to filter spam.

Another effective tool to fight phishing is to know the facts and educate the workforce of how avoid falling victim to these scams.

Recently I addressed the importance of having plans in place to protect personal health information in light of the sharp increase in healthcare data breaches.  Unfortunately, research studies are finding that incidents of fraud resulting from exposed healthcare data are on the rise. A recent Javelin Strategy and Research study noted that fraud resulting from exposed health data has more than doubled over the past year.

This sharp spike is due to the extensive personal information available on an individual’s health record.  According to a recent RSA Online Fraud Report, the types of fraud that can be committed using full information profiles are limitless. Not only is the individual a potential victim, the healthcare providers, insurers and the pharmaceutical companies are as well.

The RSA Report sites examples where a cybercriminal steals personal health information (PHI) to file false patient claims to an insurer.  A second example includes making false prescription orders to fuel the underground prescription drug trade.  Unfortunately, the consumer whose PHI is being abused may incur damages beyond being a victim of someone stealing their medical information.  Consumers may come under criminal investigation for defrauding the insurer or buying prescriptions illegally.  That doesn’t sound fair, does it?

It is of paramount importance to develop policies to deter and detect data breach threats.  However, it is of equal importance to keep customers informed of how to protect their health privacy themselves. National Cyber Security Awareness Month begins October 1 this year. Please consider informing your clients and customers of how they can remain safe online.