Practice Management Alert
Keep 'Pharm' Hands off Patient Info
Question: Our medical office has had problems with -phishing- scams on our Web site. Today, I happened to overhear the head of IT mention -pharming- in a conversation. This sounds so similar to -phishing- that it got me thinking -- and worrying. What is -pharming,- and do we have to safeguard our office Web site against it? Answer: Unfortunately, -pharming- is very real -- and potentially quite damaging to medical offices caught unawares.
Tennessee Subscriber
Experts are warning medical offices that have their own Web sites about this scheme, which could severely compromise your patients- identities and health info.
Pharming might well be called -Phishing 2.0,- because it represents a fairly new, and more devious, update to the concept of -phishing.- With phishing, your patients are sent an e-mail solicitation asking them to click on a URL that is supposed to send them to your Web site but routes them to a fake Web site instead. Your patients enter their logon information -- giving the crooks access to valuable personal information.
Pharming kicks this concept up a notch. The attack still originates with an e-mail that tricks patients into clicking on an embedded URL. If they fall for the scam, they-re providing confidential data to the ne-er-do-wells. But with pharming, the URL your patients click on is an exact match to your institution's URL, says Donna McIntire, product marketing manager with Postini Email Solutions in Austin, Texas.
In addition, with pharming, an embedded virus installs a code on patients- computers. The virus poisons each server the e-mail goes to in order to redirect patients to a criminal's Web site instead of your site, McIntire says.
If patients click on the URL in a pharming solicitation, and that code poisons whatever server they connected to, they-ll be taken to the phony site without realizing it.
What's the difference? The false site is exactly the same as your site, with one crucial exception: When patients log on to your site, a -key- or -lock- symbol is viewable that indicates a secure session.
-If you go to the criminal's Web site, that's not the case,- McIntire says.
Pharming affects only those Windows programs that came out before 2003. If you-re running Windows software older than 2003, such as Windows 98, and not keeping up with the Microsoft patches for this threat, you-re at risk, McIntire says.
Ask a techie for help: The only way to prevent phishing is to have your technical consultant do something about it.
Practice Management Alert
- Thwart Embezzlement Efforts With These Tips
Be ready, because some employees can't resist dipping into the till
Having a few simple procedures [...] - You Be the Billing Expert:
Check Applicants' Exclusion Status -- or OIG May Exclude You
Experts: Exclusions database search must be part of background checks
Slacking off on checking the HHS [...] - Tech Tool:
Frequent Password Changes Provide Bulwark Against Cyber-Siege
E-mail from Russell Crowe? Something's probably not right
Think your employees know how to stop an [...] - Staffing Tips:
Employ These Strategies for Productive Employment Ads
Frustrated by lack of response? The trouble could be your choice of medium
How many times [...] - News You Can Use:
Providers Get a Break From Name/ID Edits
Pressure from thousands of providers has led the Centers for Medicare & Medicaid Services (CMS) [...] - September's Recipe for Billing Success
Beware Submitting Claims for PIN-less New Doctors
If you-ve got a new doctor at your practice, [...] - Reader Questions:
Keep 'Pharm' Hands off Patient Info
Question: Our medical office has had problems with -phishing- scams on our Web site. Today, [...] - Reader Questions:
Waiving Fees for Colleagues Can Put Doctors at Risk
Question: One of the doctors in my practice has asked me to waive the charges [...]
