So-phish-ticated scams target docs, medical records

American Medical News’ Pamela Lewis Dolan writes that sophisticated e-mail scammers are targeting doctors in attempts to get medical records and use the wealth of information they contain to facilitate identity theft.

The scammers pose as someone with whom a doctor regularly corresponds and exchanges sensitive information, such as an information technology worker, then ask the doctor to share a password or download a piece of software that will allow the would-be hacker to access medical records. Dolan writes that these attacks are often facilitated by disgruntled employees who can provide scammers with the inside information needed to develop a convincing ruse.

“The best way to convert data to cash is ID theft,” said Tom Cross, manager for X-Force Advanced Research, IBM’s data theft research team. Medical records provide a comprehensive portfolio for individual identification, and that can be sold, he said.

In addition to tips for avoiding these scams, Dolan gives a few recent examples.

One recent phishing case was carried out by scammers who posed as the Centers for Disease Control and Prevention and sent e-mails to patients and doctors claiming everyone had to register at an online H1N1 vaccine database. A link in the e-mail took unsuspecting recipients to a Web site that looked as if it was operated by the CDC. A warning issued later by the real CDC indicated hackers were likely sending malicious software downloads to victims’ computers.