HCA Healthcare, which operates 180 hospitals and healthcare facilities has disclosed that it has suffered a massive data breach in which personal information including names, email addresses and phone numbers of eleven million of its patients was stolen and recently posted on the Dark Web. The good news is that the stolen information does not include credit card numbers or Social Security numbers which can more directly lead to identity theft. However, information such as was compromised in this data breach can readily be used by scammers and identity thieves to formulate effective spear phishing emails and text messages to lure people into clicking on infected links and downloading malware or otherwise falling for a scam that may seem legitimate because the spear phishing scammer is able to tailor the email or text message to actual matters that relate to the targeted victim.
Spear phishing differs from more conventional phishing emails and text messages because they will include your name in the salutation rather than a generic “dear customer” or something similar. They also tailor the message with information that relates to you personally, such as, in the case of the HCA Healthcare data breach, a medical matter.
As I often say, it is not a matter of if your personal information will be compromised in a data breach, but when. You are only as safe and secure as the weakest places that hold your personal information which is why whenever you get an email, text message or phone call in which you are asked to click on a link or provide personal information, you should remember my motto, ‘trust me, you can’t trust anyone.” The risk of clicking on a malware infected link or providing personal information to a scammer or identity thief is too great unless you have absolutely independently confirmed that the communication is legitimate.
If you are in the mood to get scared you can go to the free website haveibeenpawned where you can find out what data breaches have affected you personally. https://haveibeenpwned.com/
If you are not a subscriber to Scamicide.com and would like to receive free daily emails with the Scam of the day, all you need to do is to go to the bottom of the initial page of http://www.scamicide.com and type in your email address on the tab that states “Sign up for this blog.”