Protect Your Company Against Phishing Attacks

April 1, 2023

Written by Chuck Burbank for California Broker Magazine

Brokers can protect themselves, and advise clients

While ransomware attacks and organized hacking operations may grab headlines, malicious operators often gain access to company networks in mundane ways that don’t earn attention and so aren’t talked about as much. While this information may seem basic, it bears repeating. We are seeing a significant increase in cybercrime this year, so even if you think you and your clients, employees and colleagues are wise to the multitude of scams out there, scammers are still succeeding in hooking us.

Email is an easy mark

Despite the growing number of communications options available to businesses, email remains the number one tool of business communications. The flexibility, reliability and convenience of email means it’s not going away any time soon.

But for all its benefits, email is also the primary target of serious cyberattacks. Social engineering attacks, like phishing, can lead to data breaches, malware and ransomware attacks, and millions of dollars in losses for businesses.

Know what you are up against

Phishing is a social engineering attack that tries to trick the recipient into clicking a link or opening a file that downloads malware or reveals sensitive information, such as user names and passwords. Phishing emails appear to come from trusted senders, such as personal or business contacts. Such emails often have generic introductions (such as “Dear valued customer”) and grammar and spelling errors (these are harder to spot now that grammar and spell checkers are common, though the sentence structure may still make it obvious that English is the writer’s second language). Some come from email addresses that do not match the website of the sender’s company, or do not match the name stated; include unrequested attachments; or ask you to click a link and enter a User ID and password in order to “confirm” information.

Brokers and healthcare info are prized targets

According to the FBI and several data breach-tracking websites, the value of healthcare data can be significantly higher than other types of financial records. According to Experian, a single patient record can sell for upwards of $1,000 on the Dark Web, depending on how complete the record is. That’s nearly 50 times higher than the value of standard credit card records.

In addition to Protected Health Information (PHI), brokers also have access to large amounts of Personally Identifiable Information (PII) — sensitive information that can be used to identify a unique individual, such as Social Security Numbers, full names and financial information.

Why is PII/PHI so valuable?

When credit card information is stolen, it can only be used until the theft is discovered and the card is shut down by the issuing institution. For those of us who work in health insurance, the information we deal with has a potentially unlimited lifespan. For example, Social Security Numbers don’t “expire” and are very rarely reissued — generally only under the most extreme circumstances.

Additionally, fraudulently obtained PII enables a number of illegal activities, such as identity theft, tax or healthcare insurance fraud, or extortion.

As I said, at BenefitMall, we have seen a continual spike in phishing attempts in the past year. Each month, we block 22,000 attempted phishing emails and our Security Operations teams respond to more than 2,000 user-reported phishing emails. Of those reported emails, half contain malicious attachments.

What’s concerning is that phishing emails often appear to be coming from trusted sources, hoping that recipients will click on links and open files believing that they came from known contacts with legitimate business needs. Sometimes, those emails are coming from broker partners whose email has been compromised, allowing cyber attackers to use those email accounts to send out phishing attacks to other organizations.

What should you do if your email system has been compromised?

There are a number of regulatory and contractual obligations that brokers must comply with in the event that an email network is compromised and a data breach may have occurred. In addition to notifying the applicable State Attorneys General, some states have additional reporting requirements. For example, in New York, the Department of Financial Services must be notified, and in Maryland, the Department of Insurance.

In California, you should report the incident to the California Department of Justice (DOJ) through their Cyber Crime Center and to your local law enforcement agency. If the cybercrime involved a breach of personal information, such as Social Security numbers or financial account numbers, you may also need to notify the affected individuals and relevant government agencies, such as the California Attorney General’s office or the Federal Trade Commission (FTC). You should also report the incident to the Internet Crime Complaint Center (IC3).

If you have entered into any Business Associate Agreements (BAAs) with carriers, they must be notified. Also, the U.S. Department of Health and Human Services Office for Civil Rights must be contacted regarding any HIPAA violations.

There are also steps that employees should take if they are victims of phishing attacks. Employees should immediately change their passwords for all email accounts and critical websites connected to those email addresses. (While it’s not a good practice to reuse passwords, we know that many people do. Remind clients and employees that if they are using the compromised password for other things — such as personal banking or online shopping — they should create unique passwords for those sites as well.)

Anyone who may have received a compromised email from the affected employees should also be notified to prevent additional phishing attacks. This includes not only other employees and contractors within the company, but contacts at other companies.

How to prevent email phishing attacks

Fortunately, there are a number of proactive steps that brokers can take, and recommend to clients, to protect the integrity of their email networks.