Awareness : Newsletter Articles

Email Phishing Attacks are on the Rise

With so much media attention on phishing attacks, why do so many health care entities still fall victim?  The answer – human weakness. Phishing and related attacks are often aimed at health care employees due to their continued success. Phishing is a scam used by cyber criminals to lure individuals into sharing sensitive data, such as personally identifiable information (PII). The information is then used to access accounts that contain protected health information (PHI).

Several health data breaches involving phishing attacks, including one that potentially exposed data on more than 350,000 individuals, were recently reported to the Department of Health and Human Services. The preliminary investigation confirmed that nine employees clicked on links in phishing emails and disclosed their login credentials. This simple act gave cyber criminals access to their email accounts and sensitive patient health data. 

In previous years, health care institutions were more likely to attribute breaches to theft or loss of paper records or laptops. However, a recent study published by JAMA Network Open confirms that email phishing attacks are on the rise and are the number one security threat to the health care industry. According to HIPAA, email related data breaches have dominated breach reports, accounting for an astonishing 51.52% of the breaches reported in January 2019 alone.

The number of successful phishing attacks on health care institutions is a serious concern and an issue that should not be taken lightly. While the University has protective technology in place, such as spam filters that assist in preventing irrelevant emails from being delivered to employees and a multi-factor authentication tool to validate credentials, we cannot rely on these technologies alone. 

Here are some useful tips in relation to phishing attacks:

  • NEVER click on links or open files that appear suspicious or are from an unknown source
  • Minimize the use of your UM email address in online submissions to reduce spam
  • Do not give out your email address arbitrarily
  • Verify that the sender’s email address is authentic
  • Delete spam, chain, clutter and other junk email
  • Do NOT forward and do NOT reply to spam or junk mail

Our patients not only trust us with their health care, but also with the protection of their sensitive health data. The protection and security of patient information is of the utmost importance and we all play a role in ensuring that the proper security methods are in place to prevent criminals from accessing it. 

For further information on HIPAA regulations and training please contact the UHealth Privacy Office at 305-243-5000 or For technical assistance, or if you feel that you have fallen victim to a phishing scam please contact the UMIT Help Desk immediately at 305-243-5999 or