In the past few years, I have written a series of short stories about Womble, known among his colleagues in the CIA as the god of the honey trap. He is actually an incompetent spy who fails at honey trapping his targets because he is clueless about seducing women, but he somehow magically gets the information that he is on a mission to obtain. If you like fiction, these short stories are available on Amazon Kindle. If you wonder what I could possibly know about the CIA or intelligence work, I served as East German branch chief in West Germany during the Cold War while I was a military intelligence officer in the Army after I had served as an Infantry platoon leader in Vietnam and before I went to law school to become a JAGC Officer, so I have a clue. The Womble stories led me to write a sequel to my latest fiction attempt, Ghost Six and the Bright Blue Blade, which was just recently published by Christian Faith Publishing, Medville, PA, 2019. Now, I am working on the sequel, tentatively titled, Ghost Six and the Valkyries. In this sequel, the heroine, Judith, must honey trap the Supreme Leader of Iran to prevent him from nuking Tel Aviv. This plot led me to begin a nonfiction article for an organization for governing and advisory board members for all types of corporations, tentatively titled, “Honey Traps Are Just for Defense Secrets, Right? Wrong.” In this article, I discuss corporate espionage going on using honey trapping and how to guard against it in such business entities.
That article made my editor, Alice McCart, and me wonder whether any such techniques had been used to obtain or attempt to obtain HIPAA protected health information (“PHI”). The first such attempt that I found was a reverse honey trap. A Boston hospital had created bogus Kennedy family health records so that it could identify and discipline staff members who browsed that PHI out of curiosity.[1]
Although such a honey trap is not the type of honey trap that one normally thinks about—that is, one in which the beautiful woman seduces the male target—the definition of honey trap is broader: a technique in which an irresistible bait is used to lure a victim. The Kennedy family health records were the irresistible bait. The Cambridge Dictionary gets more specific in its definition: the use of an attractive person to try to get information from someone.[2]
I did not find other reports of actual honey traps to get medical information, but it doesn’t mean that they haven’t happened.
Because a criminal could honey trap a health care worker to obtain highly sensitive data, we should at least consider whether we should protect against it. Turning to what can be done to prevent honey traps from exposing sensitive information, in his blog, a computer expert says that we must do the following:
- Remain aware at all times; not just during our formal working hours.
- Be ever cognizant for something that may seem too good to be true.
- As banal as it may seem, make an effort to truly understand yourself and know your weaknesses. The better we understand what might entice us, the more difficult it will be for someone to employ a honey trap against us.[3]
He goes on to outline precautions against being honey trapped:
- General precautions and multiple considerations when preparing for such an eventuality:
- Don’t follow that girl. Because much of this article is dedicated to the seduction honey trap, women who may seem especially interested in you or your profession should be treated with extreme caution.
- Take Favors From No One. Someone who seems overly eager to help you could have an ulterior motive. By seemingly ‘hooking you up,’ they may pressure you to reciprocate, often times using guilt or fear as a motivator.
- Do your Due Diligence: Whenever possible, attempt to find information about someone who is trying to entice you. A conspicuous absence from the cybersphere, or reluctance to give information about themselves, might indicate a false identity or someone who does not wish to be identified.
- Observe the room with a critical eye, hone your situational awareness skills, and consider:
- Don’t follow that girl. Because much of this piece is dedicated to the seduction honey trap, women who may seem especially interested in you or your profession should be treated with extreme caution.
- Take Favors From No One. Someone who seems overly eager to help you could have an ulterior motive. By seemingly ‘hooking you up,’ they may pressure you to reciprocate, often times using guilt or fear as a motivator.
- Do your Due Diligence: Whenever possible, attempt to find information about someone who is trying to entice you. A conspicuous absence from the cybersphere, or reluctance to give information about themselves, might indicate a false identity or someone who does not wish to be identified.
- Take special note of her behavior and demeanor during the exchange and consider:
- Does she seem overly interested in your work or professional life?
- Is she suggesting isolation? I.E. going up to her room, your room, or somewhere else private?
- Does she seem nervous?
- Is she attempting to make suggestive physical contact, such as touching the knee, playing with your hair, and so forth?
- Be especially cognizant of someone manipulating your drinks. Do not leave a drink unattended, and be aware of anyone attempting to slip you some type of drug.[4]
Health care workforce members, besides what they may need to take away from this cautionary tale themselves, should consider getting this guidance out to all of the entity’s personnel.
In conclusion, honey traps are an effective means of manipulation and fraud. The honey trapper need only determine one’s weakness and then exploit it. And health care personnel and entities are vulnerable to this type of exploitation. It is incumbent upon all of us working with health information to know ourselves, our weaknesses, and what someone may have to gain by seducing us. Falling prey not only will compromise us as individuals, but also will negatively affect our entities and our patients/clients.
[1] Ross J. Anderson, Security Engineering: A Guide to Building Dependable Distributed Systems, 2nd ed., Wiley Publishing, Inc., Indianapolis, Indiana, 2008, Sec. 5-2 (unpaginated electronic version) at https://books.google.com/books?id=eo4Otm_TcW8C&pg=PT430&lpg=PT430&dq=honey+trap+medical+records&source=bl&ots=gBHNAIeD6b&sig=2vdSK5Z5NCgAxO54Kzu8O43GsDM&hl=en&sa=X&ved=2ahUKEwibhdy-3dffAhWKooMKHTJDBdQQ6AEwD3oECAoQAQ#v=onepage&q=honey%20trap%20medical%20records&f=false.
[2] Cambridge Dictionary, Definition of “Honey Trap,” at https://dictionary.cambridge.org/us/dictionary/english/honey-trap.
[3] Michael Mancino, “Beware the Honey Trap,” https://mmancinobl og.wordpress.com/2015/04/10/beware-the-honey-trap/.
[4] Id.