In our previous COVID-19 bulletin, we discussed the importance of companies maintaining information system and data security while allowing employees to work remotely. Over the last week, as people scramble to identify trustworthy information about the spread of COVID-19, how they can protect themselves, and how they can get tested, spammers and scammers have taken advantage of vulnerable telecommuters. For example, in just the past week, media outlets have reported on the following scams:

  • Email Phishing. According to a Kaspersky study and the FTC, email phishing schemes include the use of organizations’ names that would normally seem legitimate. Such emails appear to be coming from representatives of the Centers for Disease Control and Prevention (CDC) or the World Health Organization (WHO). The emails have the CDC or WHO logos and headings or have email addresses that, in a quick glance, look to be official (such as cdc-gov.org). The links in these emails may infect the user’s device with malware or even ask them to enter in an email and password for their Microsoft Outlook account.
  • Domains and Apps. There are website domains that appear to keep track of COVID-19 updates and health information. Instead, these domains prompt users to download apps to access this information. In particular, there is an Android App that, once downloaded, infects the device with ransomware and demands payment or else the data on the device will be erased. Additionally, there is an interactive infections and deaths map circulating that is being used to spread password-stealing malware.
  • Goods Delivery. While goods and supplies, such as cleaning and household supplies, are running out at local stores, there are online sellers purporting to have these items in stock. Instead, they are scams that take your payment and never deliver your ordered items. Employers, or employees in charge of supplies, should be cautious of online retailers and conduct additional research into the seller to verify legitimacy.
  • Fake Charities. As with any major event or crisis, there are scammers trying to take advantage of people’s good intentions. This can take form in fake charities or fake donation pages. The fake charity can be a completely made up organization or one that closely resembles names of established charities.

Continue Reading Don’t Let COVID-19 Lure You In: Phishing and Malware Attacks Skyrocket During Coronavirus Crisis

The Office for Civil Rights (OCR) announced a settlement agreement for $5.5 million dollars with Florida’s Memorial Healthcare Systems (MHS) stemming from allegations it failed to protect patient data. The privacy violation arose out of the unauthorized access of 115,143 patients by MHS employees. The information that was compromised consisted of names, dates of birth and social security numbers. A majority of these impermissible actions occurred when a former employee’s login credentials were used from 2011-2012 which affected 80,000 individuals.
Continue Reading HIPAA’S Privacy Rule: Having a Policy – But Not Enforcing It – Costs Provider $5.5 Million