So many scams and so little time to keep up with them. Yes, that is what it feels like these days. There are so many coronavirus scams we have to take some time to update you guys. There have been cybercrime alerts and stupid people stories galore. Here are the coronavirus scams and crimes we have on our radar this week.
In this episode:
Coronavirus Scams Galore – Ep 251
–
The HIPAA Boot Camp
2020 Session Dates
August 18, 19, 20
Tucker, GA
2020 Fall Session Dates
Sept 15, 16, 17
San Pedro, CA
For info go to TheHIPAABootCamp.com
[button link=”https://helpmewithhipaa.com/hbc” type=”big” center=”yes” newwindow=”yes”] Registration Form[/button]
Share Help Me With HIPAA with one person this week!
Thanks to our donors. We appreciate your support!
If you would like to donate to the cause you can do that at HelpMeWithHIPAA.com.
Like us and leave a review on our Facebook page: www.Facebook.com/HelpMeWithHIPAA
George – unnamed location – Telehealth thingy – lol
He added some special language for the telehealth unsecured options to their P&P
- Ensure to follow all policies and procedures when engaging with the clients.
- Be aware of potential social engineering attacks. Always verify the Client info, including contacting the Client back using the information you know which has been previously verified.
- Advise Clients that we will only communicate with them in a certain official manner and list them. This will inform your Clients on possible social engineering attacks against them if they receive communication purporting to be from us.
- When utilizing any communication apps not previously approved for use under standard privacy and security requirements of HIPAA, advise the Client that the communication is not HIPAA secure and request that the Client not record the session. Recommend approved communication methods when possible and use non-HIPAA alternatives as a last resort.
Coronavirus Scams Galore
Let’s start with a story sent in by one of our listeners. This blended in with several other cases of this madness going around. The criminals are out there setting up these drive thru centers for coronavirus vaccines, remedies and even phony testing. One of the phony testing ones included a mention of HIPPA which was really funny. So happy that a loyal listener sent this one to us or we would have missed it.
Email from listener Tom Cannon
First, I love your podcast and listen to it every week (honestly, I missed a few due to the virus taking my time to help with remote work…but I’ll catch up).
Second, I found a HIPPA in the wild (at [0:21]). https://www.youtube.com/watch?v=-8ZnPtvCFUc. Thought you might enjoy seeing this although it does sound like a group of scumbags trying to make a buck off this horrible pandemic we’re all living through. Please keep up the fantastic work, a lot of us really count on the work you do.
WATCH: Suspicious pop-up coronavirus test site abruptly closes after being questioned | USA TODAY
Full story with more cases in USA Today here: Coronavirus fraud: Fake tests, bogus cures and vaccines abound
I was thrilled to see the reporters were the ones who noticed there is no PP in HIPAA in the scammers sign. The dude claimed he ran a hospital for years and says the reporters who are calling them out shouldn’t be filming these people getting their tests because of their privacy rights. But, they show their sign that says they are “HIPPA CERTIFIED”. OMG – when they point out they don’t even have it spelled right you I think you can see the guy pee just a little – maybe.
The sad thing is this stuff is going on all over the country. This little gem was a special catch by Tom. Thanks so much for sharing your HIPPA in the wild story!
Coronavirus scams big time alert from CISA
Next, we get the big joint alert that screams pay attention to me. Anything like this that begins with stating that it is “a joint alert from the United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).” Means there some stuff going down out there in the wild!
COVID-19 Exploited by Malicious Cyber Actors | CISA
There are so many different attacks going on they don’t even try to say they are able to keep up and mention them all:
There is a lot to address here so no sense in rewriting it all for you. See the detailed doc at the link above for your own copy.
- Cybercriminals are using the pandemic for commercial gain, deploying a variety of ransomware and other malware.
- Both APT groups and cybercriminals are likely to continue to exploit the COVID-19 pandemic over the coming weeks and months. Threats observed include:
- Phishing, using the subject of coronavirus or COVID-19 as a lure,
- Malware distribution, using coronavirus- or COVID-19- themed lures,
- Registration of new domain names containing wording related to coronavirus or COVID-19, and
- Attacks against newly—and often rapidly—deployed remote access and teleworking infrastructure.
They go on to include some examples of subject lines for phishing attacks. Send this out to your staff as a reminder of how crafty these criminals can be.
Examples of phishing email subject lines include:
- 2020 Coronavirus Updates,
- Coronavirus Updates,
- 2019-nCov: New confirmed cases in your City, and
- 2019-nCov: Coronavirus outbreak in your city (Emergency).
These emails contain a call to action, encouraging the victim to visit a website that malicious cyber actors use for stealing valuable data, such as usernames and passwords, credit card information, and other personal information.
Don’t let your guard down on mobile devices because they are doing this stuff in SMS messages and messaging apps like Whatsapp. They are attacking anywhere and everywhere whether you can tell or not.
There is no doubt that this will get way worse before it gets better. All of the different government programs where you can get money will have them coming out of the woodwork. There is so much confusion about what programs are available and to whom that there will be easy pickings for criminals with a nicely crafted email.
Keep in mind some of these messages are trying to load malware and others are trying to steal credentials. You can even experience the joy of getting hit by both kinds of attacks.
Teleworking on the fly
While we are thrilled to prove that telehealth and remote learning is doable but doing it so quickly has left doors open. VPN devices and software have patches out.
Similarly, known vulnerabilities affecting VPN products from Pulse Secure, Fortinet, and Palo Alto continue to be exploited. CISA provides guidance on the Pulse Secure vulnerability and NCSC provides guidance on the vulnerabilities in Pulse Secure, Fortinet, and Palo Alto.
Opening the door for cyber attackers playground
Some of the stories the article referenced deserve special attention. In particular, one area where we had made great progress in the last year from a cyber security standpoint was securing or reducing the use of unsecured RDP for remote access. Well, guess what happened when everyone needed remote access?
127% Increase In Exposed Rdps Due To Surge In Remote Work
That problem will only exacerbate the ransomware attacks that Microsoft mentioned in an article 5 March: Human-operated ransomware attacks: A preventable disaster
Thank You IT For Keeping Us Connected
Please remember to thank the IT folks who have brought the whole world online like never before seemingly overnight. These folks have worked endless hours doing their best to keep things up and running so we can all continue to do business. There is very little happening during this pandemic that isn’t being done through the use of technology and telecommunications. Yes, the IT team, as usual, is completely in the background but they are owed a debt of gratitude from all of us.
While it may not have been perfect it has been truly amazing how businesses have been able to do online meetings, collaboration, and keep supplies, money, and information moving as much as they have been during all of this. Families and friends have stayed in touch. Patients have been cared for without leaving home.
We salute our IT folks because we are both those kinds of nerds. But more importantly to remind everyone that their efforts were central to our survival both in and out of healthcare. Please give your help desk, computer guy, tech team, whatever you call them a special thanks when you open your next ticket or call to complain something isn’t working. Remember what they have managed to make work over the last two months has been phenomenal. Especially, when you hear all of the attacks coming at them while they try desperately to meet the needs of everyone they know at the same time.
We will soon find out how well they were able to secure things while they were at it. That is where the rubber meets the road, so to speak. It hasn’t been smooth sailing but hopefully no one will go down with the ship just before we reach the harbor after the storm.
Remember to follow us and share us on your favorite social media site. Rate us on your podcasting apps, we need your help to keep spreading the word. As always, send in your questions and ideas!
HIPAA is not about compliance,
it’s about patient care.TM
Special thanks to our sponsors Security First IT and Kardon.
