February 23, 2023

How Social Engineering Attacks Present Unique Risks for Health Care

Cyber Healthcare
5 min read
Rob Rosenzweig, RPLU National Cyber Risk Practice Leader; and Allen Blount, Cyber Team Leader

Social engineering scams have become more common and more costly—especially for health care organizations. These scams can result in significant financial and reputational loss, especially when an attack leads to a data breach. Digital transformation initiatives, mergers and acquisitions (M&A), and the increasing prevalence of these scams all make organizations vulnerable. However, the greatest threat organizations face comes from their lack of awareness and understanding about how these scams work. It is becoming increasingly crucial to be vigilant and aware of the threats posed by social engineering scams.

Emerging Social Engineering Attacks

Bad actors use various social engineering techniques to attack vulnerable parties. The following are the most common:

  • Phishing – Phishing, the most common form of social engineering attack, occurs when fraudsters create false communications that appear to be coming from an official source. They may then link the victim to a false website disguised to look like the site of an official organization. Ultimately, their goal is to convince the victim to provide sensitive data such as banking details, log-in credentials, or personally identifiable information (PII).
  • Vishing/Smishing – Vishing is phone-based phishing, where fraudsters call victims and impersonate an official or trusted source. Smishing is an attack launched through an SMS text message. Like phishing scams, these techniques have the aim of convincing the victim to provide sensitive data.
  • Baiting – These attacks occur when a scammer sends the victim an offer to get the victim to provide personal information in return. The “bait” offered may come in the form of money, gift cards, or digital media, and may be presented with the intent of enticing a specific victim based on their needs or interests.
  • Quid Pro Quo – A quid pro quo attack often involves a scammer impersonating an IT professional who encourages the victim to disable their antivirus software so they can perform a “software upgrade” that is actually malicious software or a remote access tool (RAT). This allows the scammer to assume control of the victim’s computer.
  • Pretexting – In these attacks, scammers work to create a false sense of trust with their victim. They may go to extreme lengths to craft a story the victim will find credible, claiming they are a distant family member, coworker, or friend who needs personal information. The scammer then uses that information to steal the victim’s identity, which they use to scam others as well.

Exposed: Health Care Laid Bare

The health care industry is targeted mostly due to its combination of diverse points of vulnerability. The following are areas that open health care organizations to social engineering attacks:

  • Digital Transformation – Health care organizations are relying more on digitally driven and automated processes and operations. This has made life more convenient, but it has also made both individuals and organizations more susceptible to digital-based scams. With an increase in digital communications come more opportunities for scammers to insert themselves. These attacks can occur even at organizations with robust cyber-security systems, so it is imperative that organizations are prepared to respond with back-ups and clear continuity plans to limit exposure should such an attack occur.
  • Sensitive Information – The health care industry possesses large amounts of sensitive information. When data is breached as a result of a social engineering scam, it leaves the organization vulnerable to legal action. Lawsuits and settlements resulting from data breaches can compound losses and lead to detrimental consequences.
  • M&A – When organizations are acquired and workforces expand, as often happens in the health care industry, it can take time to assimilate teams and organize communications. During these stages, staff may be especially vulnerable to scams, as they may not yet know when communications are coming from a trustworthy source.

Willful Ignorance Breeds Risk

Social engineering scams can always be attributed to human error. Unlike ransomware or DDoS attacks, which can happen without the consent or knowledge of the victim, social engineering scams rely on the victim’s compliance with the scammer’s request. Because these scams hinge on human error, insurers are apprehensive about writing coverage for social engineering attacks with a high level of confidence.

Historically, coverage for social engineering attacks has been included in both cyber and crime insurance policies. As these scams rely more on human vulnerabilities than IT system weaknesses, they might more adequately fit in crime policies.

To make sure your organization is protected, it is important to begin the renewal process early and stay up to date on changes in cyber security coverage. Equally, mitigating social engineering risks from the root by providing all staff with mandatory social engineering awareness training ensures a crucial safety net.

Want to learn more?

Find Rob Rosenzweig on LinkedIn, here. Find Allen Blount on LinkedIn, here.

The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client. 
