Post a comment
Print articleOCR Issues Cyber-Security and Scam Alerts Amid Coronavirus
April, 2020 - Beth Pitman
Not only are healthcare providers under attack in the daily battle against the coronavirus, criminal actors are quickly taking advantage of relaxed HIPAA enforcement and standards, teleworking and the general intensity of the situation to exploit patient and other confidential information.
The Department of Health and Human Services, Office of Civil Rights (OCR) issued an alert on Friday that an individual posing as an OCR Investigator has been contacting providers in an effort to obtain patient information. If your organization is currently under investigation, an OCR Transaction number and investigator have been assigned to the matter. OCR recommends that prior to providing information request a confirming email from the OCR Investigator’s email address. If you have any questions, you may contact the OCR at [email protected].
Unfortunately, this is not the first instance and the bad actors have not been resting. Since the beginning of the emergency, and particularly with more frequent use of Facetime, Zoom and other readily available methods for conducting work remotely, there has been a marked increase in hacking incidents. According to Check Point Research, cyber-criminals are actively establishing dark net “stores” marketing malware and hacker services. Not even the Department of Health and Human Services (HHS) is immune. On March 16, HHS was the target of a campaign of disruption and disinformation aimed at undermining the COVID response and slowing government systems. HHS reported the attack was unsuccessful.
OCR provided a warning and advice on March 18from the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA). CISA warned of increased cyber-attacks through social engineering and phishing, recommended enhanced vigilance and the following:
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
