Cyber Security: Phishing – Don’t Get Caught At Home

Like many health care providers, DHU Health Care has recently seen an increase in the number of fraudulent or ‘phishing’ emails being sent to staff during the Covid-19 pandemic.

Throughout June, as part of our cyber security campaign, DHU Health Care have been focusing on ‘phishing’ and offering our staff advice and guidance on how they can stop themselves falling for a scam.

What is Phishing?

Phishing is when hackers and criminals send unsolicited emails or texts (smishing) that contain attachments or links to try and trick people into providing access to information such as personal data, patient data, health care records or details of IT systems.

These attacks are often very difficult to spot.

A recent example is attackers setting up email accounts on internet mail services in the name of an employee at a CCG, GP practice or supplier to make the address look real. The attacker then uses the email account to target staff members. Attackers have tried to convince staff to transfer funds to a bank account, infected computers with viruses and stolen confidential information.


How can I stay safe when working from home?

If you receive an email, text or call from what looks to be a familiar organisation or contact, which you believe to be suspicious (such as an unusual payment request for goods/services, outside of the normal payment process) make sure you question it:

  • don’t click on suspicious links or open any suspicious attachments
  • be alert in particular to COVID-19 phishing, vishing and smishing (the telephone and text equivalents of phishing) scams. Threat actors are well aware that people are being asked to work remotely, and this presents an opportunity for them to exploit.
  • don’t use public WiFi; either work offline and connect later once at home on a more secure network, or connect by tethering to your mobile device
  • be suspicious of any emails asking you to check or renew your passwords and login credentials. Try to verify the authenticity of the request through other means e.g. call the IT helpdesk or ask your colleagues
  • if you’re working from home then change the admin/default password on your home broadband router and ensure the firmware on your home broadband router is up to date
  • make sure you are running all the latest versions of software on all your devices
  • consider password protecting documents that you send across the internet to other colleagues
  • don’t use your work email address to register on non-work-related websites
  • have a data back-up strategy, and remember to do it: all important files should be backed up regularly

Nat Pearson, Head of IT & Telecoms DHU Health Care, said: “As an organisation DHU take data security seriously and have rigorous measures in place to protect both colleagues’ and patients’ information; however, no system is completely impenetrable.

“We all have to work together to minimise the impact on our services. Data security is everyone’s responsibility and we all have a duty to protect public information in a safe and secure manner.”

Whether you are working remotely or in the office, it’s important to remain vigilant. If something does not feel right, be it an email, text, phone call or a physical approach, then report it.

Always remember: If it doesn’t feel right, report it.