It’s Your Call – September 2023

HIPAA: What is the difference between Phishing, Vishing, and Smishing?

Phishing, vishing, and smishing are all types of cybercrimes that involve social engineering techniques to deceive individuals and gain unauthorized access to personal information, such as passwords, credit card details, or financial data. While they share similarities, each term refers to a specific method used by cybercriminals:

1. Phishing is the most well-known term among the three. It involves fraudulent attempts to obtain sensitive information, typically through email or instant messaging platforms. Phishing attacks often impersonate legitimate organizations or individuals to trick recipients into revealing their confidential data, such as login credentials or financial information.
2. Vishing, short for “voice phishing,” is a form of cyberattack that occurs over the phone. Cybercriminals impersonate legitimate organizations or individuals and manipulate victims into disclosing personal information or performing specific actions. This can involve techniques such as caller ID spoofing, where the attacker disguises their phone number to appear as a trusted entity. Vishing attacks often aim to exploit the victim’s trust or create a sense of urgency to obtain sensitive data.
3. Smishing, derived from “SMS phishing,” is a type of phishing attack that targets individuals through SMS or text messages on mobile devices. Cybercriminals send deceptive text messages that appear to be from reputable sources and try to trick recipients into revealing personal information or clicking on malicious links.

While the methods differ, the ultimate goal of vishing, phishing, and smishing attacks is to deceive individuals and gain unauthorized access for malicious purposes. It’s important to exercise caution and be vigilant when sharing sensitive data, regardless of the medium used to contact you.

OSHA: Should all employees be able to access Safety Data Sheets (SDSs)?

Yes, full-time, part-time, and temporary employees should be able to access SDSs promptly and should be trained as outlined under 1910.1200(h). The OSHA standard 1910.1200(g)(8) specifically states: The employer shall maintain in the workplace copies of the required SDSs for each hazardous chemical and shall ensure that they are readily accessible during each work shift to employees when they are in their work area(s). (Electronic access and other alternatives to maintaining paper copies of the SDSs are permitted as long as no barriers to immediate employee access in each workplace are created by such options.) Additional guidance for temps who have multi-employer workplaces can be found under 1910.1200(e)(2).

TMC provides an eSDS service for our clients that prefer electronic access. Please contact us at service@totalmedicalcompliance.com for additional information.