It’s a new year, and already, cybercriminals are targeting healthcare—this time, with an old-school tactic: Phone Spoofing.
An incident a few weeks ago involving Gritman Medical Center in Moscow, Idaho, serves as a stark reminder that criminals don’t just turn to new technology – sometimes they can go to a trusted old-school method using healthcare phone spoofing scams, where they call patients, to gain access to sensitive patient information.
How the Healthcare Phone Spoofing Scams Work
Fraudsters use caller ID spoofing in healthcare to make their phone calls appear as though they are coming from a legitimate hospital or clinic. This tactic increases the likelihood that patients will trust the call and unknowingly provide confidential information.
In a recent statement, Gritman Medical Center warned that scammers may pose as hospital representatives and attempt to collect personal details. “These scammers can easily ‘spoof’ a phone number, making a call appear as if it is coming from the hospital or our clinics,” the hospital posted on social media.
Why Healthcare Organizations Are Targeted
Healthcare institutions hold a wealth of personal and financial information, making them attractive targets for cybercriminals, specifically healthcare phone spoofing scams. Stolen data can be used for fraudulent medical claims, identity theft, and even black-market sales. Cybercriminals know that patients are often more willing to trust calls from their healthcare providers, making phone spoofing a highly effective attack method.
Steps Patients Can Take to Protect Themselves
If you receive an unexpected call from a healthcare provider asking for personal information, consider these precautions:
- Verify the Call: Hang up and contact the hospital or clinic directly using their official phone number.
- Never Share Sensitive Information: Be cautious about sharing insurance, Medicare, or financial details over the phone.
- Enable Call Blocking Tools: Use call blocking apps or services to filter out potential spoofed calls.
- Report Suspicious Activity: Notify the healthcare provider if you suspect a fraudulent call attempt.
- Stay Informed: Follow updates from your healthcare provider about potential scams.
Preventing Healthcare Scams
Patients aren’t the only ones targeted in these healthcare phone spoofing scams. Hospital staff, specifically IT teams, are also targeted. That’s why organizations must take proactive measures to prevent healthcare scams and mitigate the risks associated with phone spoofing scams internally as well, including:
- Staff Training: Educate employees on how to recognize and respond to spoofing attempts.
- Patient Communication: Inform patients regularly about potential threats and how to verify legitimate communications.
- Technology Solutions: Implement advanced call verification and cybersecurity monitoring tools.
How Fortified Health Security Can Help
Preventing healthcare scams requires a comprehensive strategy. Fortified Health Security specializes in securing healthcare systems from cyber criminals by offering:
- Threat Intelligence: Identifying and mitigating emerging threats, including phone spoofing scams.
- Security Awareness Training: Empowering staff and patients with the knowledge needed to recognize fraudulent activity.
- Incident Response Services: Rapid response capabilities to contain and address security breaches.
- Advanced Security Solutions: Implementing technologies to safeguard hospital communication channels and protect sensitive data.
By partnering with Fortified Health Security, healthcare providers can take a proactive stance against cyber threats and ensure their patients’ trust and data security remain uncompromised from any type of attack – old school or new.
Contact us to learn more about how our services can help keep your organizations and patients safer from healthcare spoofing scams.
You can also download our 2025 Horizon Report to learn more about emerging threats and actionable strategies to address them.
