A HIPAA message on phishing -- don't get snagged

October 26, 2004

HIPAA, the Health Insurance Portability and Accountability Act of 1996, provides federal protection of patient health information. This HIPAA-related message is part of UNMC's continued effort to educate employees. Today's HIPAA message addresses phishing, a high-tech scam that uses spam or pop-up messages to deceive you into disclosing confidential information.

Question: What is phishing?

Answer: Phishing is a high-tech scam that uses spam or pop-up messages to deceive you into disclosing your credit card numbers, bank account information, Social Security number, passwords, or other confidential information. It is important for all e-mail users to remember the following:

1. Watch out for unsolicited requests via e-mail for confidential information (i.e., your own personal information, patient information, student information, corporate credit card). Recent phishing incidents involved e-mails that appeared to come from Citibank, PayPal, eBay, Microsoft, or Visa requesting updated confidential information. Individuals who provided the information became potential identity theft victims.

2. Never click on a suspicious hyperlink in an unsolicited e-mail. It is always a good idea to type the URL of the company's home page into your browser's address bar and find the appropriate page. The hyperlink could take you to an invalid site.

3. Look at the address in the address bar of your Web browser. If the address does not match what the hyperlink shows, or if it looks suspicious, do not provide confidential information.

4. Don't reply to the e-mail if you have a question or are suspicious. Instead, call the toll-free number listed on the alleged sender's Web site to confirm whether the e-mail is valid.

If you're a manager, please ensure all of your employees are informed of the contents of these messages and how they apply to your work area. Some ways of sharing the information include discussions during staff meetings, printing and posting this message, or asking your employees if they have any further questions.