Health Information Compliance Alert
Understand How the NIST Phish Scale Works
PDF
Question: We are working on updating our HIPAA Security protocols after doing a risk analysis of our systems. Our IT manager mentioned a Phish Scale. What exactly is that? Texas Subscriber Answer: In 2020, the National Institute of Standards and Technology (NIST) developed a Phish Scale to better track spikes in cybercrime via email phishing. “The Phish Scale uses a rating system that is based on the message content in a phishing email,” explains NIST in a release. “This can consist of cues that should tip users off about the legitimacy of the email and the premise of the scenario for the target audience, meaning whichever tactics the email uses would be effective for that audience. These groups can vary widely, including universities, business institutions, hospitals and government agencies,” NIST adds. The Phish Scale collects phishing information across five elements and offers a final score, offering click-rate data that can be incredibly helpful to IT management. For example: “A low click rate for a particular phishing email can have several causes: The phishing training emails are too easy or do not provide relevant context to the user, or the phishing email is similar to a previous exercise,” NIST advises. “Data like this can create a false sense of security if click rates are analyzed on their own without understanding the phishing email’s difficulty.” Find out more about the Phish Scale at www.nist.gov/news-events/news/2020/09/phish-scale-nist-developed-method-helps-it-staff-see-why-users-click.
Health Information Compliance Alert
- Case Study:
Feds Offer New Guidance on the Intersection of Telehealth and HIPAA
Warning: Get ready for flexibilities to end post-PHE. The COVID-19 public health emergency (PHE) is [...] - Remote Technology:
Prioritize Remote Accessibility With a Shared Drive
Find out how HIPAA factors into the IT equation. During the pandemic, remote and hybrid [...] - Documentation:
Know the Facts on Virtual Scribes
Understand how HIPAA weighs in on this type of documenting process. Clinicians may find virtual [...] - Reader Questions:
Understand How the NIST Phish Scale Works
Question: We are working on updating our HIPAA Security protocols after doing a risk analysis of [...] - Reader Questions:
Don’t Forget About These HIPAA Rules on PHI Disposal
Question: We have some student helpers working at our practice this summer. We were going to [...] - Reader Questions:
Know This About HIPAA and Group Therapy
Question: At our psychology practice, we often have group therapy sessions. How does HIPAA fit in [...] - Enforcement News:
OCR Issues HIPAA Guidance After SCOTUS Decision
If your patients have privacy concerns about their reproductive rights, the HHS Office for Civil [...] - Enforcement News:
Feds Thwart Hackers in Boston Hospital Attack
With cyberattacks in the healthcare industry increasing, the Federal Bureau of Investigation (FBI) expounds on [...] - Enforcement News:
Prepare Your Systems for ICD-10 2023
The World Health Organization (WHO) has released its list of ICD-10 additions, deletions, and revisions [...]