Cybercriminals are targeting remote workers with fraudulent phishing emails purporting to notify workers that their employment is being terminated. These emails provide clickable links for invitations to teleconference meetings or additional information concerning termination packages in an effort to trick people into downloading malicious software. Scammers are also sending fraudulent emails purporting to perform COVID-19 contact tracing that ask for money, credit card information, or Social Security numbers. Healthcare providers with remote workers may want to warn their workforce about the risks of these phishing scams and how they can safely report them to their employer. If you think your workforce has been targeted with one of these scams, you can report suspected activity to the Federal Trade Commission here. To read more about COVID-19 phishing emails, see our post to the Wyatt HITECH Law blog titled, Scammers Target Remote Workers with Phishing Email Campaigns and this recent USA Today article.
U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a joint alert warning of techniques that advanced persistent threat (APT) groups are using to exploit the COVID-19 pandemic. Click here to read the article.
May 01, 2020
The 2020 worldwide pandemic will go down in the history books much like the 1918 Spanish Flu. One big difference between then and now: the technology that has enabled millions of us to remain moderately productive “at work” from the comfort of our homes. Welcome to the “new normal” of telework. Being comfy at work in yoga pants – saving time by not having to dress for “the office” as we once knew it. Shorter commutes, with coffee refills only steps away in the “breakroom” – our kitchens. Staying connected to our co-workers, clients and work associates in Brady Bunch style, creating a little mystic with virtual backgrounds on Zoom, Microsoft Teams or WebEx video conferencing platforms. Click here to read more.
April 3, 2020
The Microsoft Threat Intelligence Center (MSTIC) issued an alert specific to healthcare providers regarding a type of ransomware known as REvil that cyber criminals have tailored to exploit remote healthcare workers during the COVID-19 public health emergency. The MSTIC “strongly recommends that all enterprises review VPN infrastructure for updates.” The MSTIC alert provides guidance specific to the healthcare sector on how to detect, protect and prevent this type of ransomware. Click here to read the alert.
April 24, 2020
On April 21, 2020, the American Hospital Association alerted its members that the Federal Bureau of Investigations (FBI) had issued an FBI Flash to update healthcare providers on additional cyber activity that continues to exploit fears related to the COVID-19 pandemic. The FBI stated that it had been notified of targeted email phishing attempts against US-based medical providers. The phishing attempts use subject lines and content related to COVID-19 and distribute malicious attachments. Individuals or companies receiving email with unsolicited attachments that may be a phishing attempt should NOT open the email or email attachment if the individual or the company does not have the capability to examine the attachment in a controlled and safe manner. Click here to read the full article.