The FBI is warning healthcare professionals about new COVID-19 (Coronavirus) cybersecurity threats, which include email phishing attacks and telephone scams selling testing kits.
Read about the latest threats below, along with tips for Compliance and Privacy Officers to keep your organization safe from scammers during these trying times when guards are down and fears are heightened.
The Federal Bureau of Investigation (FBI) is warning of a rapid increase in cyber-criminal activity leveraging the COVID-19 (Coronavirus) pandemic crisis. Scammers are sending fraudulent emails and attachments as part of COVID-19 phishing campaigns with subject lines like “test results” or “special alerts,” to steal personal information or gain access to systems.
Oct. 29, 2020 Alert from the National Cyber Awareness System: Ransomware Activity Targeting the Healthcare and Public Health Sector
Exploiting the frenzy of information around the pandemic, attackers often pretend to be a top medical research facility or government agency, such as the National Institutes of Health (NIH), Centers for Disease Control (CDC) and World Health Organization (WHO). The FBI urges caution in opening emails or clicking links from entities selling products that claim to prevent, test, treat, diagnose or cure COVID-19.
The FBI also warns of a telephone scam offering to ship or sell COVID-19 testing kits, which involves direct calls asking for personal information such as Social Security numbers, bank or credit card information to order the kits. Tell your employees and hospital departments to be wary of any solicitation regarding COVID-19 test kits and encourage clinicians to warn their patients about this scheme and reinforce that testing kits can only be obtained through a physician's order.
Other COVID-19 phishing scams include asking for charitable contributions or financial relief for the crisis, as well as touting fake cures and vaccines. Be sure to encourage your employees and hospital departments to research all sources before clicking on any links about the virus, donating to charities, contributing to crowdfunding campaigns or purchasing products online. It’s also a good reminder to warn users about giving out personal information in order to receive money or other benefits.
Tips for healthcare compliance and privacy officers
Cybersecurity attacks pose a constant threat to healthcare organizations, so it’s important to educate and train employees on the proper protocol for avoiding and reporting phishing attempts. Here are four tips for healthcare compliance officers to protect your organization from this latest cyber-criminal activity:
- Remind employees to beware of coronavirus communications
- Warn employees not to click on email links or attachments, or respond to inquiries
- Regularly test users to make sure they are on guard
- Configure email servers to block zip or other files that are likely to be malicious
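As an illustration of the last tip (an added example, not part of the original post or any vendor's product), the Python sketch below shows the kind of attachment check a mail gateway applies: it rejects block-listed extensions and also catches zip archives renamed to another extension, while letting genuine Office Open XML documents through. The extension lists, function names and sample message are assumptions constructed for the example.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed block list; the post only says "zip or other files likely to be malicious".
BLOCKED_EXT = {".zip", ".exe", ".js", ".vbs", ".scr", ".iso"}
OOXML_EXT = {".docx", ".xlsx", ".pptx"}   # legitimate formats that are zip containers
ZIP_MAGIC = b"PK\x03\x04"                 # local file header that starts a zip archive

def is_ooxml(data: bytes) -> bool:
    """True if the archive has the part every Office Open XML file carries."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            return "[Content_Types].xml" in z.namelist()
    except zipfile.BadZipFile:
        return False

def blocked_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each attachment the policy would block."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1]
        if ext in BLOCKED_EXT:
            hits.append((name, "blocked extension " + ext))
        elif data.startswith(ZIP_MAGIC) and not (ext in OOXML_EXT and is_ooxml(data)):
            hits.append((name, "zip content behind another extension"))
    return hits

def make_zip(member: str) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, "constructed sample")
    return buf.getvalue()

def build_sample() -> bytes:
    """Constructed test message: a zip, a renamed zip, a real PDF header, a docx."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = "test results", "a@example.com", "b@example.com"
    m.set_content("See attached.")
    for data, name in [(make_zip("readme.txt"), "results.zip"),
                       (make_zip("readme.txt"), "special_alert.pdf"),
                       (b"%PDF-1.4 constructed", "notice.pdf"),
                       (make_zip("[Content_Types].xml"), "policy.docx")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in blocked_attachments(build_sample()):
        print(name, "->", reason)
```

Checking file content as well as the name matters because an extension-only rule is bypassed by simply renaming the archive.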
SAI Global thanks Richard Kusserow, CEO of Strategic Management Services and former Department of Housing and Human Services (DHHS) Inspector General, for this guest blog post.
Additional cybersecurity resources
- WHO – Cybersecurity
- CISA Cyber Infrastructure (U.S. DHS) – National Risk Management on Coronavirus
- StaySafeOnline – U.S. National Cyber Security Alliance Encourages Vigilance Against Coronavirus Scams, Best Cybersecurity Practices for Remote Workers
- UK Action Fraud – Coronavirus-related fraud reports increased by 400% in March
- UK National Cyber Security Centre (NCSC) – Updated guidance as working from home increases in response to COVID-19
- Trend Micro – Developing Story: Coronavirus Used in Malicious Campaigns
- U.S. FDA – Beware of Fraudulent Coronavirus Tests, Vaccines and Treatments