Cyber Threat Alert: Coronavirus Scams Hit the US Healthcare Industry

April 3, 2020 Richard P. Kusserow

The FBI is warning healthcare professionals about new COVID-19 (Coronavirus) cybersecurity threats, which include email phishing attacks and telephone scams selling testing kits.

Read about the latest threats below, along with tips for Compliance and Privacy Officers to keep your organization safe from scammers during these trying times when guards are down and fears are heightened.

The Federal Bureau of Investigation (FBI) is warning of a rapid increase in cyber-criminal activity leveraging the COVID-19 (Coronavirus) pandemic crisis. Scammers are sending fraudulent emails and attachments as part of COVID-19 phishing campaigns with subject lines like “test results” or “special alerts,” to steal personal information or gain access to systems.


Oct. 29, 2020 Alert from the National Cyber Awareness System: Ransomware Activity Targeting the Healthcare and Public Health Sector


Exploiting the frenzy of information around the pandemic, attackers often pretend to be a top medical research facility or government agency, such as the National Institutes of Health (NIH), Centers for Disease Control (CDC) and World Health Organization (WHO). The FBI urges caution in opening emails or clicking links from entities selling products that claim to prevent, test, treat, diagnose or cure COVID-19. 

The FBI also warns of a telephone scam offering to ship or sell COVID-19 testing kits, which involves direct calls asking for personal information such as Social Security numbers, bank or credit card information to order the kits. Tell your employees and hospital departments to be wary of any solicitation regarding COVID-19 test kits and encourage clinicians to warn their patients about this scheme and reinforce that testing kits can only be obtained through a physician's order. 

Other COVID-19 phishing scams include asking for charitable contributions or financial relief for the crisis, as well as touting fake cures and vaccines. Be sure to encourage your employees and hospital departments to research all sources before clicking on any links about the virus; donating to charities or contributing to crowdfunding campaigns or purchasing products online. It’s also a good reminder to warn users about giving out personal information in order to receive money or other benefits. 

Tips for healthcare compliance and privacy officers

Cybersecurity attacks pose a constant threat to healthcare organizations, so it’s important to educate and train employees on the proper protocol for avoiding and reporting phishing attempts. Here are four tips for healthcare compliance officers to protect your organization from this latest cyber-criminal activity:

  • Remind employees to beware of coronavirus communications
  • Warn employees not to click on email links/attachment, or respond to inquiries
  • Regularly test users to make sure they are on guard
  • Configure email servers to block zip or other files that are likely to be malicious


SAI Global thanks Richard Kusserow, CEO of Strategic Management Services and former Department of Housing and Human Services (DHHS) Inspector General, for this guest blog post.  


Additional cybersecurity resources

About the Author

Richard P. Kusserow

Richard Kusserow is the CEO of Strategic Management Services. Mr. Kusserow established Strategic Management in 1992 and it has since specialized in developing, implementing and measuring effective compliance operations and programs. Under his leadership, Strategic Management provides a broad range of advisory services including organization assessments, financial/legal fact-finding, values and vulnerabilities assessments, program analyses, special studies/reports, policy development, and specialized education/training programs. He has assisted organizations by providing interim and designated compliance officer services. He provides specialized expertise on fraud and abuse, sanctions, exclusion, and debarment processes, as well as regulatory issues arising from the Centers for Medicare & Medicaid Services (CMS). Mr. Kusserow served eleven years as the Inspector General (IG) for the Department of Health and Human Services (HHS), where he was responsible for oversight over agencies with outlays of over $650 billion per year (38 percent of the annual outlays of the federal government).

Follow on Linkedin Visit Website More Content by Richard P. Kusserow
Previous Article
COVID-19 and the Impact on Compliance Operations in Hospitals
COVID-19 and the Impact on Compliance Operations in Hospitals

The effort to support hospitals during the COVID-19 pandemic has created challenges for healthcare complian...

Next Article
Download the 2020 Healthcare Compliance Benchmark Report
Download the 2020 Healthcare Compliance Benchmark Report

SAI Global, a recognized leader in Integrated Risk Management and trusted global vendor in the healthcare c...

Meet the new SAI360