What term describes when a healthcare worker is deceived into revealing ePHI by someone posing as a trustworthy figure?

The term that describes a situation where a healthcare worker is deceived into revealing electronic Protected Health Information (ePHI) by someone pretending to be a trustworthy figure is social engineering.

Social engineering involves manipulative tactics that exploit human psychology rather than technical vulnerabilities to obtain confidential information. In a healthcare setting, this could involve an attacker impersonating a physician or IT staff to gain access to sensitive patient information. The attack relies on building trust and exploiting the natural willingness of individuals to assist those they perceive as legitimate, making it particularly dangerous in environments that handle sensitive data.

While identity theft refers to the unauthorized use of personal information to commit fraud, it is not specifically about manipulating someone to release information. A data breach is a broader term that encompasses any unauthorized access to or disclosure of protected data, while an insider threat typically involves individuals within an organization abusing their access to information or systems for malicious purposes or for personal gain. Social engineering specifically addresses the deceptive techniques used in manipulating individuals into compliance.