HIPAA Times news | Concise, reliable news and insights on HIPAA compliance and regulations

Combating election-themed phishing attacks

Written by Caitlin Anthoney | Oct 18, 2024 12:47:33 AM

As the 2024 US presidential election draws near, cybercriminals are using phishing emails to target individuals and organizations. Using a HIPAA compliant email platform can help organizations reduce the risk of falling for these phishing schemes.

 

Election-themed phishing

According to ReliaQuest’s 2023 assessment, "phishing was the most prevalent initial access method used by threat actors to breach targeted networks… accounting for an astonishing 71.1% of all tactics, techniques, and procedures (TTPs)."

Threat actors use email, social media, and text messaging to trick recipients into clicking on malicious links, downloading harmful attachments, or revealing sensitive information.

Phishing emails can often masquerade as official communications from political campaigns, election authorities, or news outlets. 

In one of the more high-profile phishing incidents, SocGholish RAT spread via a phony email. The message was titled "Will you sign the petition to demand that Fox News address and STOP racism and sexism in their election reporting against Kamala Harris NOW?", and the sender's address, moveon-help@list.moveon.org, led to a domain known to host malicious content.

 

Phishing in the 2024 elections

In 2024, phishing emails became even slicker, using the names of political candidates and parties as bait. Trustwave SEG Cloud and Spam Traps found, "Former President and Republican presidential candidate Donald Trump is the most used name in the subject lines of these spam mails – with 29%."

Malicious actors also used the names of Vice President Kamala Harris and President Joe Biden to get recipients to respond to financial scams and phishing. Many use either fear or urgency to provoke action, like clicking on links to fraudulent sites or downloading malware.

 

How HIPAA compliant email can help combat election-themed phishing

Organizations must use a HIPAA compliant email system, like Paubox, to protect against phishing attacks during the election season. These email systems offer advanced security methods, safeguarding sensitive information against phishing threats.

More specifically, Paubox email offers advanced threat detection, filtering out suspicious emails and reducing the risk of employees opening malicious links or attachments that could compromise sensitive data. Organizations can also track suspicious activities and phishing attacks before they cause damage.

Additionally, HIPAA compliant email encrypts messages and attachments, keeping communication secure.

 

FAQs

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) sets national standards for protecting the privacy and security of certain health information, known as protected health information (PHI).

HIPAA is designed to protect the privacy and security of individuals’ health information and to ensure that healthcare providers and insurers can securely exchange electronic health information. Violations of HIPAA can result in significant fines and penalties for covered entities.

 

Does HIPAA apply to phishing attacks?

Yes, phishing attacks in healthcare fall under the Health Insurance Portability and Accountability Act (HIPAA) regulations. Phishing attacks compromise the privacy and security of protected health information (PHI), leading to severe penalties, including fines and reputational damage.

 

Can HIPAA compliance give an organization a competitive advantage?

Yes, being HIPAA compliant can attract more patients and business partners, differentiating an organization from its competitors.
