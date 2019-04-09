SPRINGFIELD, MA (WGGB/WSHM) - Questions remain after Baystate Health admits to a phishing scam that may have compromised the personal information of hospital patients here in the Pioneer Valley.
We're talking about phishing with a p-h and not the kind of fishing you do on a Summer afternoon.
This type of phishing is when a hacker sends you an email, baiting you to put in your private information, but there are ways to spot the dangerous lure.
On Monday, Baystate Health announced that nine of their employees fell victim to a phishing email scam.
They clicked on links and entered their passwords, giving hackers free access to personal information, including patient records and social security numbers.
It's a mistake that can happen to anyone, and has devastating consequences, but there are things to look out for.
"If they are asking you to reply with your password," Associate Professor of Computer Science Brian O'Neill tells us. "That is a red flag and fake, but another thing is look at the spelling. These aren't always well written."
It's not just hospital employees that get emails like this, anyone can get a phishing email sent to their work or personal accounts.
No matter what business you are in, security can be compromised.
"Now," continued Professor O'Neill. "They have given you a user name and password. Here at the university, they now have access to my students' grades, my personal information, or worse. At a hospital, that can be patient information. At a bank, it's your account."
Professor O'Neill tells Western Mass News these emails can look legitimate, but really making sure they have correct intentions before inputting personal passwords is always the best practice.
"Check where that link is taking you," stated Professor O'Neill. "Check to make sure that a link that claims to be coming from your employer actually comes from your employer."
