Skip to main content
Vishing

Vishing Attacks Targeting Healthcare Organizations 

By August 29, 2023No Comments

The Health Sector Cybersecurity Coordination Center (HC3) sent an alert in August 2022 detailing an increase in vishing attacks targeting healthcare organizations. Health systems were warned to watch for attacks impersonating their organizations and targeting their providers and patients. “Social engineering techniques continue to remain successful in providing initial access to target organizations, and the Healthcare and Public Health (HPH) sector should remain alert to this evolving threat landscape with an emphasis on user awareness training,” HC3 explained. Let’s take a look at two examples.

Vishing attacks target Asante healthcare employees for patient information and passwords

Asante healthcare reports that scammers are posing as patients or authorized caregivers and calling Asante healthcare employees requesting confidential patient information. They try to fool Asante employees into giving up confidential patient information. What are their tactics when they call? The scammers tell a compelling story or create a sense of urgency. Asante also reports that bad actors are vishing IT (Information Technology) staff for passwords and system information that they can use to access Asante computers and information.

Vishing attacks target patients of Spectrum/Priority Health for member numbers and PHI

Scammers posing as employees of Spectrum Health or Priority Health carried out a vishing campaign that involved calling patients to steal their member numbers and protected health information (PHI). To add legitimacy to the vishing calls, the scammers “spoofed” the phone number belonging to the healthcare entity. As a result, the victim’s caller ID displayed a legitimate phone number for the healthcare entity. The stage was now set for the scammers to begin the swindle. As reported by the Spectrum Health newsroom, using tactics such as flattery and threats, the scammers obtained identification information, money, and even access to personal devices.

User awareness training – Test. Educate. Protect.

Human interaction played a key role in both vishing attacks we mentioned. A real person was on the phone using social engineering techniques to try to fool their target. In view of this, human interaction should play a key role in the security awareness testing and education that you choose. With Social-Engineer’s Managed Vishing Service, you will get security awareness testing and education based on human interaction. We do not use script-driven call center staff, and we never use robocallers. Instead, we deploy real people; professionally trained, certified social engineers to elicit critical information from your employees. Our Human Risk Analysts can pivot and adjust their conversations just like a real attacker would. The experts at Social-Engineer, LLC can help you test, educate, and protect, your first line of defense, your employees. Please contact us today for a consultation.

You May Also Like

Phishing Attacks Targeting Healthcare Organizations
SMiShing Attacks Target the Healthcare Sector

Tags:

Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
Security Assessment Case Study
Learn more about the importance of a Social Engineering Risk Assessment.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
What Makes Us Different
At Social-Engineer, we pride ourselves on what we do and how we do it. We are a security services provider, focusing on four primary attack vectors. This case study will go through how we can protect your company and what makes us different.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Woman vs Machine
Technology is providing new, more innovative ways to enhance our world. Scientists are constantly developing smarter, faster and more intelligent machines, systems and robots. There is no doubt that each of these has evolved beyond their clockwork origins.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
Vishing and Phishing Must Be Ongoing to Be Effective
Most companies have a security awareness program in one form or another. If they don’t, it should be on the short list of programs to start as soon as possible. In our experience, many of these programs take the form of computer-based training.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
A Case Study in Vishing
Vishing (voice-based phishing) has been a problem for quite a long time. There are many vendors in the marketplace that offer vishing services. However they tend to use robo-callers or call centers for large volume engagements. If they are using trained humans to make calls, it is likely in very low numbers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
Benefits of a Social-Engineering Risk Assessment Engagement
Your company is important. Indeed, the data you hold for your clients or employees is very valuable and attackers seek to capitalize on that data any way they can. This is where a Social Engineering Risk Assessment (SERA) engagement can help uncover possible vulnerability to attackers.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now
The Business Value of the Social-Engineer Phishing Service
Cybercriminals are targeting the human element of organizations. Additionally, they are developing techniques to use an organization’s employees as the first point of entry. According to the 2021 Verizon DBIR report, of the 3,841 security breaches reported using social engineering, phishing was the key vector for over 80% of them.
Download Now