2025 Foundational Application of Social Engineering

SMiShing Attacks Target the Healthcare Sector

Smishing Attacks target the healthcare sector

Share This Post

In August 2023, The Office of Information Security and Health Sector Cybersecurity Coordination Center (HC3) issued a report warning hospitals about the rising threat of SMiShing attacks targeting the healthcare sector.

SMiShing: phishing via SMS (short message service) text message

Why is the healthcare sector experiencing an uptick in SMiShing attacks? The HC3 report notes that users are much more trusting of text messages. The report goes on to say that not as many people are aware of the dangers of clicking links in text messages. So SMiShing is often lucrative to attackers searching for credentials, banking information and confidential data. Criminals use psychological tactics in their text messages to gain access to hospital and healthcare IT (Information Technology) networks. The text messages will usually create a sense of urgency or fear. The HC3 report says to be on the lookout for the following types of text messages:

  • Deadlines and time-sensitive language
  • Scarcity
  • A quick fix

Smishing Attacks Target the Healthcare Sector

Screenshot: HC3 Multi-factor Authentication & Smishing Report, August 10, 2023

At an average cost of USD 10.93 million, healthcare has the highest data breach costs of all industries.  What can the health sector do to protect itself? The HC3 recommends that all health sector employees add MFA (Multifactor Authentication) to all devices. We agree that this is a vital security protocol to implement. But is there more that the health sector can do to protect itself from SMiShing attacks?

Social-Engineer’s Managed SMiShing Service

While MFA is a key step towards protection, SMiShing testing and education within the healthcare sector is vital. Why do we say that? Because MFA alone will not protect against the psychological tactics and social engineering techniques that criminals use in a SMiShing attack.

Test. Educate. Protect.

With our Managed SMiShing Service you’ll receive a fully managed program that measures and tracks how your employees respond to text-based phishing attacks on corporate managed SMS-capable devices. Your employees will learn what a SMiShing message looks like and how to report it safely. As a first step, we recommend updating your BYOD (Bring Your Own Device) policy and establishing a reporting process for employees to submit suspicious text messages for review by your security team. Once you are ready, we invite you to partner with us for testing and education that will help protect your employees against SMiShing attacks.

You May Also Like

Phishing Attacks Targeting the Healthcare Sector
Vishing Attacks Targeting the Healthcare Sector

More To Explore

Soft Skills for Cybersecurity Professionals
General

Soft Skills for Cybersecurity Professionals

As cyber threats continue to increase, so does the need for cyber security professionals. Some of the skills needed to succeed in the field of cyber security are programming skills,

Social Engineering

Keeping it Simple in Cybersecurity 

Today, the cybersecurity industry focuses a lot more on complicated solutions and tools. Companies are always looking to improve their security measures with the latest technologies. However, attackers often choose