Vishing Cyberattacks Compromising Provider Credential Information

Apr 6, 2021 | Credentialing, Fraud / Waste / Abuse, GRC

All Blogs

When scammers attack, they don’t just target private individuals – they also strike businesses, including the healthcare industry, to obtain information they can use for criminal activity. As a healthcare organization, you have a responsibility to protect the private healthcare information of your patients and providers. Understanding vishing and its risk to your organization can help safeguard against the threat.

What Is Voice Phishing, or Vishing?

Vishing occurs when scammers pose as a trusted company or institution, such as a bank, a government agency, or a credit card company, to obtain personal or protected information through phone calls, emails, or voice messages. These messages may look or sound legitimate because they are often personalized and appear to be sent from within organizations the person or business may have legitimate reasons to be in contact with.

Why Are Attackers Trying to Obtain Provider Credential Information?

Unfortunately, these types of attacks are increasing. The COVID-19 pandemic has loosened restrictions on technology and procedures that provided safeguards against vishing. For example, more healthcare workers now work remotely, with less secure networks, making it easier for cybercriminals to gain access to their computers and systems.

According to a recent FBI alert, vishing attacks that used to be confined to employees with network access have now expanded to include all employees. A recent campaign called remote employees to trick them into logging onto a website to share personal information.

“During COVID-19 shelter-in-place and social distancing orders, many companies had to quickly adapt to changing environments and technology,” the report said. “With these restrictions, network access and privilege escalation may not be fully monitored.”

Recent attacks have resulted in cybercriminals obtaining access to company networks, login credentials, and personal employee information.

“As more tools to automate services are implemented on companies’ networks, the ability to keep track of who has access to different points on the network, and what type of access they have, will become more difficult to regulate,” the report added.

How To Protect Your Organization from Vishing Attacks

A few practices can help keep your information safe. Safeguards include multi-factor authentication, domain monitoring, software restriction policies, VPN restriction, and network segmentation.

You can also restrict outside access to provider information by using a credentials verification organization. Verisys not only verifies your providers’ credentials, keeping their personal information private, it also uses best practices such as continuous monitoring that will alert you to any unusual activity. By using Verisys for your organization’s credentialing needs, you can protect your provider information while meeting credentialing standards, allowing you to provide the highest possible level of care.

Verisys Written by Verisys
Verisys transforms provider data, workforce data, and relationship management. Healthcare, life science, and background screening organizations rely on our comprehensive solutions to discover their true potential. Visit to learn how we turn problems into power.

  • Secure, configurable, and proven solutions
  • Accurate, compliant, and complete information
  • NCQA, URAC, and ISO accreditations/certifications

Follow us on LinkedIn