• Magazine
    • Past Issues
    • Subscribe
    • Change Mailing Address
    • Surveys
    • Guidelines for Authors
    • Editorial Calendar
    • Editorial Deadlines
    • Dynamic Chiropractic
      • Newspaper
      • Subscription
    • The American Chiropractor
      • Magazine
  • Practice
    • Business Tips
    • Chiropractic Schools
    • Clinical & Technique
    • eBooks
    • eCourses
    • Sponsored Content
    • Infographics
    • Quizzes
    • Wellness & Nutrition
    • Personal Growth
    • Podcast
    • Coronavirus (COVID-19)
  • Resource Centers
  • Products & Services
    • Buyers Guide
    • Products Directory
    • Submit a Product
    • Vendor Login
  • Datebook
    • Become an Events Poster
    • Post an Event
    • View Events
  • Jobs
    • Jobs
    • Post a Job
  • Advertise
    • Advertising Information
    • Media Kit
    • Contact Us

Your Online Chiropractic Community

Chiropractic Economics Your Online Chiropractic Community
Subscribe
  • Home
  • Current Issue
  • News
  • Webinars
  • Chiropractic Research
  • Students

Protect your practice from social engineering attacks

Dava Stewart January 16, 2015

ThinkstockPhotos-524155897You know all about the security requirements of HIPAA, and you probably know at least something about cyber security, particularly if you are using or transitioning to an electronic health records (EHR) system. But, do you know about social engineering attacks, or how to spot an attempt at phishing? Does your staff?

What is social engineering?

Social engineering has two meanings: one is related to public policy, which, arguably, doesn’t have too much impact on chiropractic offices, and the other is related to information security. When a criminal manipulates a person in order to learn confidential information, it is social engineering—and that can pose a legitimate threat to your practice.

All sorts of people are vulnerable to social engineering attacks; this is not something that only happens to the gullible or unprepared. These attacks are designed and carried out in such a way that victims have no idea at all they are being attacked. According to SearchSecurity.com, a leading information security site, social engineering is “a non-technical method of intrusion hackers use that relies heavily on human interaction and often involves tricking people into breaking normal security procedures.”

What are social engineering attacks?

Social engineering is part of the vast majority of scams. People are helpful, sometimes vain, and can be frightened. Scammers use facets of human nature to find out what they need to know in order to carry out their crime. For example, if a scammer wanted access to your network, he or she may call and claim to work at one of the insurance companies you regularly bill. They may describe an urgent problem and appeal to the person in charge of billing in your office for help.

That is simply one type of social engineering attack—and a particularly successful one, all too often. Here are several other types of attacks:

  • Baiting—In this case, the scammer may leave something, such as a CD, a USB drive, or some other item that can be plugged in, that is loaded with malware.
  • Phishing—Most people are familiar with phishing, as it has become a major problem, especially for senior citizens. The scammer will send an email, sometimes disguised so that it appears to be from a legitimate source, with the goal of getting the recipient to click a link that will automatically download malware. They may also be trying to get the recipient to reveal personal or financial information.
  • Pretexting—The example above, where a scammer calls seeking help with an “urgent problem” is a form of pretexting. Lying in order to gain access to information is pretexting.
  • Tailgating—This is when a scammer follows someone who is authorized into a secure area of a network and gains access. In other words, they sneak in while the virtual door is open.

These are the main types of social engineering attacks, all of which you and your staff should be most wary about.

How can I avoid these kinds of attacks?

The United States Computer Emergency Readiness Team (US-CERT) offers several tips on how to avoid becoming a victim of an attack:

  • Be wary of phone calls, emails, and other messages. Try to always verify the person’s identity directly with the company or organization they claim to be associated with.
  • Do not click links in emails or reveal any financial or confidential information via email.
  • Look closely at website URLs. Scammers will often leave one letter out of the name of a legitimate company or organization or use some similar tactic that would not cause immediate alarm.
  • Try to verify any emails that seem suspicious by calling the companies or individuals they are from.

You should also take advantage of any anti-spam, anti-phishing, firewall protections, or other security measures provided by your EHR software vendor and/or Internet service provider. Email filters are a great tool, as well.

Related Posts

  • Should you add laser therapy to your service menu?Should you add laser therapy to your service menu?
  • Proper posture analysis starts with the feetProper posture analysis starts with the feet
  • Keep your practice’s data secureKeep your practice’s data secure
  • USTR exempts roasted chicory from WTO dispute-related tariffUSTR exempts roasted chicory from WTO dispute-related tariff
  • Professional basketball athletes rely significantly on chiropractic careProfessional basketball athletes rely significantly on chiropractic care
  • DCs to perform FAA physicals for private pilotsDCs to perform FAA physicals for private pilots

Filed Under: Practice Management Software, Resource Center

Current Issue

CE issue 1 cover

Follow Us

  • Facebook
  • Twitter
  • Instagram
  • LinkedIn
  • YouTube logoYouTube logoYouTube

Compare Subscriptions

Dynamic Chiropractic

The American Chiropractor

3948 3rd Street South #279,

Jacksonville Beach, FL 32250

Phone 904.285.6020

CONTACT US »

Privacy Policy & Terms of Service

Copyright © 2021, All Rights Reserved

SUBSCRIBE TO THE MAGAZINE

Get Chiropractic Economics magazine
delivered to your home or office. Just
fill out our form to request your FREE
subscription for 20 issues a year,
including two annual Buyers Guides.

SUBSCRIBE NOW »

Latest Chiropractic News

  • The Joint Chiropractic Earns Major Accolades for Franchising Excellence
  • Northeast College Opens Digital Anatomy Lab, Announces Even More Educational Technology, Community-inspired Name
  • 2023 American Chiropractic Association (ACA) Rehab Symposium in March in Las Vegas