Practice Management Alert

Reader Question:

Beware COVID-19-Related Phishing

Question: Even months into the COVID-19 pandemic, I still feel like it’s kind of hard to come by reliable information. I have been getting emails with updates that seem like they’re from trusted sources, but I’m still wary. Have there been any reports of phishing or other cyberattacks related to COVID-19?

Alabama Subscriber

Answer: Yes, the FBI and the Office for Civil Rights (OCR) have been issued warnings about cyberattackers targeting medical providers in the U.S. with phishing attacks through emails. The FBI released an FBI Flash bulletin in late April outlining known attacks, including some of the file names employed by the attackers. The FBI cautioned that the files were not actually supplying information as COVID-19, as the file names suggested, but actually were “malicious attachments, which exploited Microsoft Word Document files, 7-zip compressed files, Microsoft Visual Basic Script, Java, and Microsoft Executables.”

For more information from the FBI, read the bulletin: https://content.govdelivery.com/attachments/USDHSCIKR/2020/04/27/file_attachments/1436494/COVID_Phishing_FLASH_4.20_FINAL.pdf.

Other attacks may be targeting virtual private networks (VPNs), technology that lets remote users log in to a private network.

If you suspect you are a victim to a cyberattack and that protected health information (PHI) or electronic protected health information (ePHI) has been compromised, look to this OCR checklist to determine the next steps you should take: www.hhs.gov/sites/default/files/cyber-attack-checklist-06-2017.pdf.