Updated 2025: Looking for a Business Associate Agreement? Download our FREE template

TotalHIPAA Logo

Social Engineering and HIPAA

Summary:

I’m a Nigerian Prince, and I need you to give me your bank account number so I can transfer money to you… You’ve won the lottery in Uzbekistan… We need your Password so we can verify your PayPal account before your account access is permanently revoked… Social engineering is a term in computer security that […]

I’m a Nigerian Prince, and I need you to give me your bank account number so I can transfer money to you…

You’ve won the lottery in Uzbekistan…

We need your Password so we can verify your PayPal account before your account access is permanently revoked…

Social engineering is a term in computer security that refers to a multitude of fraud schemes on your computer systems through the weakest link in most systems… the user. Hackers and thieves try to manipulate you to gain access to your personal information, or to your computer systems where they can do some serious damage. There is a whole host of attacks that people can and will try on you. The key is being aware and remembering the adage if it sounds too good to be true, it probably is! Here’s a brief list of attacks that can be used against you:

Phishing- This is probably the most common attack we see. This can be a simple email asking for you to verify your Gmail account or a PayPal account. Criminals are looking, or phishing, for your personal information. There are key ways to identify these emails as fraudulent:

1. Grammar mistakes and misspellings
2. Threatening language
3. Fantastic job offers or promotions
4. The link addresses don’t match the sender of the email. Google is spelled with zeros instead of o’s
5. Requests for money
6. Unsolicited requests to change passwords
7. In general, it sounds too good to be true

It’s important not to click any links in suspect emails! This could start the download of a whole host of malicious software that can compromise your computer systems, and you could have a HIPAA breach on your hands.

Some other social engineering techniques include:

Pretexting, baiting, quid pro quo, tailgating (It’s amazing the things people will use to get at your information! Here’s more information on Wikipedia… Be alert! Criminals are looking for ways to compromise your system, and they are looking for the easiest way in.

Do a little social engineering of your own and train your employees on how to use their workstations properly, what HIPAA is, and how they can support your efforts to keep client information safe. HIPAA security training covers these potential attacks on your system and much more. Remember HIPAA training is NOT optional, and the best business practice is retraining annually.

By Jason Karn
Google+

Sharing is caring!

Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Want to stay informed?

Join our community, stay ahead of the curve on HIPAA compliance and receive free expert guidance.

Related Posts

Why do we need to test our Disaster Recovery Plan every year?

Why do we need to test our Disaster Recovery Plan every year?

Even if your internal software and servers remain perfectly static, the infrastructure, vendor updates, and cyber threats around them are constantly shifting. Waiting 2 or 3 years to test your backup systems leaves you vulnerable. This post breaks down the four external factors that degrade an untested playbook, explores HIPAA compliance mandates under NIST SP 800-66, and provides a granular, step-by-step example of what a compliant disaster recovery blueprint actually looks like.

How to Maintain HIPAA Compliance in Public Cloud Environments

How to Maintain HIPAA Compliance in Public Cloud Environments

Storing ePHI in the public cloud offers scalability but requires a strict “Shared Responsibility” approach. To remain HIPAA compliant, organizations must go beyond basic Business Associate Agreements (BAAs). The implementation of AES-256 encryption, multi-factor authentication (MFA), and microsegmentation are now required. This guide outlines the essential steps to securing your cloud infrastructure while meeting the latest HHS and OCR standards.

How to Stay HIPAA Compliant with Audit Logs

How to Stay HIPAA Compliant with Audit Logs

HIPAA audit logs are a mandatory technical safeguard under the HIPAA Security Rule, designed to track and record system activity across your network. To ensure complete compliance, organizations must actively maintain and routinely review these logs to detect unauthorized access to electronic protected health information (ePHI). This guide covers federal hipaa audit log requirements, the essential six-year hipaa audit log retention rules, best practices for tracking digital and physical data access, and how utilizing a structured hipaa audit log template protects your organization from catastrophic data breaches and costly federal penalties.

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Save Cart & Generate Link
Send Cart in an Email Done! close
Empty cart. Please add products before saving :)

Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Send Cart Email
Your cart email sent successfully :)