Technology Jul 01, 2022

How to Avoid Common Healthcare Phishing Attacks

Phishing attacks are one of the most common cybersecurity threats hospitals face. Protect your patient data by understanding common phishing tactics.

Phishing is a severe risk for providers.

Phishing, an email social engineering tactic, poses a severe threat to healthcare organizations, which have historically underinvested in security. According to Becker’s Hospital Review, cyberattacks increased 94 percent over the past year. Every member of a healthcare organization must know what to watch for in their inbox to avoid phishing attempts.

Types of Attacks 


The most common form of phishing is mass-produced email aimed at anyone who opens it. Often, these emails ask for personal information or include malicious attachments. Standard phishing is the most common form, and according to HealthIT Security it accounted for multiple high-profile healthcare attacks in 2021.


Spear phishing takes a more targeted approach to the email tactic. Spear phishing emails are more effectively personalized because the hacker pays closer attention to the victim’s department. These emails target specific individuals in an organization, such as admins.


Whaling is a colloquial term for phishing attacks directed at high-level organizational management like CEOs and CFOs. Usually, they use fear to gather personal information from these individuals. One typical example of whaling is an email alerting potential victims to legal action and prompting them to open an attachment or click a link to learn more.


In 2022, hackers can leverage any of these tactics through text or instant messaging, an approach known as smishing. For example, it is common for them to send messages posing as a coworker or supervisor. These messages often ask for payment in non-standard forms, like gift cards.

How to Detect Phishing Emails

The NIST Phish Scale details some of the signs of malicious emails. Employees should scrutinize any email from an unknown sender asking for information. Additionally, emails with inconsistent branding, spelling errors, unprofessional formatting, or a generic greeting (“To whom it may concern”) may be phishing attempts. Other suspicious signs are emails with a ‘too good to be true’ offer, such as a claim that the victim won a contest or a free vacation.
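Three of these signs can be checked automatically before a message reaches a reader. The sketch below is an added example, not part of the original article and not the NIST Phish Scale's own scoring; the `hospital.example` allowlist, the phrase lists, and the sample message are all assumptions made up for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumed allowlist and phrase lists for illustration; tune them for your organization.
KNOWN_DOMAINS = {"hospital.example"}
GENERIC_GREETING = re.compile(r"^\s*(to whom it may concern|dear (customer|user))", re.I | re.M)
INFO_REQUEST = re.compile(r"\b(password|ssn|social security|date of birth|bank account)\b", re.I)
TOO_GOOD = re.compile(r"\b(you(?:'ve| have)? won|free vacation|claim your prize)\b", re.I)


def body_text(msg):
    """Return the concatenated text/plain parts of a parsed message."""
    parts = msg.walk() if msg.is_multipart() else [msg]
    chunks = []
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            chunks.append(payload.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)


def phishing_cues(raw_email):
    """List which of the warning signs described above appear in one raw message."""
    msg = message_from_string(raw_email)
    _, address = parseaddr(msg.get("From", ""))
    domain = address.rpartition("@")[2].lower()
    body = body_text(msg)
    cues = []
    # A request for personal data only counts when the sender is outside the allowlist.
    if domain not in KNOWN_DOMAINS and INFO_REQUEST.search(body):
        cues.append("unknown sender asking for information")
    if GENERIC_GREETING.search(body):
        cues.append("generic greeting")
    if TOO_GOOD.search(body):
        cues.append("too-good-to-be-true offer")
    return cues


# Constructed sample message, not a real email.
SAMPLE = """From: Prize Desk <rewards@prizes.example>
To: nurse@hospital.example
Subject: Congratulations

To whom it may concern,

You have won a free vacation! Reply with your date of birth and password.
"""
if __name__ == "__main__":
    print(phishing_cues(SAMPLE))
```

A message that trips none of these checks is not thereby safe; branding, spelling and formatting cues still need a human reader.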

Protecting Your Healthcare Organization from Phishing

By encouraging a ‘culture’ of cybersecurity in their organization and making employees aware of cybersecurity risks, healthcare administrators can ensure that their staff is savvy enough to stop phishing attacks before they begin. For more information about safeguarding your organization’s data, see the Medplace cybersecurity toolbox.

