How to Protect Patient Records From Phishing

How to Protect Patient Records From Phishing

Thanks to the marvelous advances in computing power over the past two decades, most of our work is done through computers, especially online.  And while that gives therapists a much more convenient way to serve their clients, it also opens up possible attempts from hackers to steal sensitive data.  Read more about how to stop "phishing" in its tracks.


First, what is "Phishing"?

Phishing (meant to sound like "fishing") is when a nefarious agent pretends to be someone from your organization, or one of your vendors, and uses that relationship to trick you into entering your login information into a form they have set up.  Once they have your login and password, they can then steal important data, files, etc.

Usually this is done via email, as that is the easiest medium to disguise and make it appear to come from a legitimate source.

 

What can you do to prevent it?

First, only do business with secured, reliable vendors like Behavioral Health Connection.

  • We will never ask you for your password (or any other private information, like credit card details) through email.
  • If you do not recognize the sender of the email, don't reply, and don't download any attachments which might be included.
  • If the email sends you to a web site, first, make sure the site is secured (https:// appears in the URL).  Then, make sure it belongs to BHC.  Our portal address is:  https://my.bhcportal.com.
  • Never enter your username and password into an unfamiliar web site!

 

What should you do if you are not sure?

If you aren't sure if an email is legitimate or not, then simply call the sender and confirm they actually did send it.  If the email appears to come from your "IT" or "EMR" department, you can always reach us at: support@bhcportal.com to confirm.

 

For additional information, you can read more about Phishing from the Federal Trade Commission.