On Dec. 7, 2023, the U.S. Department of Health and Human Services, Office for Civil Rights (OCR), announced a settlement with a Louisiana medical group specializing in emergency medicine, occupational medicine, and laboratory testing. The settlement resolves an investigation following a phishing attack that affected the electronic protected health information (PHI) of approximately 34,862 individuals. This marks the first settlement OCR has resolved involving a phishing attack under the Health Insurance Portability and Accountability Act (HIPAA) Rules. Additionally, this settlement comes just a handful of weeks after OCR announced a settlement with a Massachusetts medical management company in connection with a large breach report regarding a ransomware attack that affected the PHI of 206,695 individuals – becoming the first ransomware agreement OCR has reached as well.Continue Reading OCR Doubles Down: Two Settlements in Two Months for Two Common Cybersecurity Issues

You might think your run-of-the-mill privacy and cybersecurity training is sufficient. You might think that by “checking the box” on generic training you have fulfilled your duty and obligation to mitigate data privacy and cybersecurity attacks. You might think that general malware protection adequately secures your company’s data and you can move on with your everyday business efforts without concern.

Think again.
Continue Reading Think Again on Cybersecurity Training – Human Error Continues to Drive Numbers on Cybersecurity Attacks

As we all prepare for what will undoubtedly be an unconventional holiday season, many of us are turning to our computers to check off items on our shopping list instead of bundling up to head to the mall. Online shoppers around the nation have already made the strongest showing in history with $10.8 billion in sales on Cyber Monday alone, which amounts to a 15.1% increase from last year, while foot traffic in brick and mortar stores was down 42.3% for Black Friday weekend. With the recent spikes in COVID-19 cases around the country, staying home and having those packages delivered right to your door step might seem like the safest way to go, but cyber criminals are pouncing at the online shopping frenzy to steal consumers’ personal and financial information.

This increased threat has been a common thread throughout 2020, as we saw cyber criminals amp up their tactics during the early days of the coronavirus crisis and when Americans received their CARES Act stimulus checks. Indeed, the bad guys are not taking a break because of COVID-19.  The FBI reports that cybercrimes are up an astonishing 400% this year. Now it is more important than ever to understand how these criminals operate and how you can avoid falling victim to these crimes so that you can keep your celebrations holly and jolly.
Continue Reading ‘Tis the Season…for Scams and Cybersecurity Threats

The COVID-19 outbreak has ignited a frenzy of scamming attempts as about 90% of Americans are ordered to stay at home and are navigating how to work remotely and keep themselves and their loved ones safe. Our recent bulletin discussed attempts bad actors are using to try to steal personal information through email phishing attacks and ransomware, as well as efforts to ransack bank accounts through donations to fake charities and orders for goods that never arrive. Government officials warn
Continue Reading COVID-19 Bulletin: Avoiding Stimulus Check Scams as CARES Kicks In

Earlier this year, there was a report on a new spear-phishing attack seeking to steal people’s sensitive data.  The spear-phishing email message, apparently drafted to look like it came from FedEx, included a link that took the recipient of the email to a Google Docs page and then used a script to download malware to the employee’s computer. What was notable about this spear-phishing attempt was that the email “bait” actually included employee sensitive data, such as his or her Social Security Number.  This is yet another new wrinkle in such phishing attempts and should serve as a reminder about being diligent in continually monitoring and improving your cybersecurity program.

Last year alone, cybercriminal activity increased 38%. While cybercriminal activity comes in different forms,  90% of all successful cybersecurity attacks begin with phishing emails. That’s right, 90%! If you are wondering whether this should alarm you as a business owner, IT SHOULD. That’s because the greatest workplace threat to data security is rarely cyber-hackers. As we have shared before, the biggest risks are employees making things easy for hackers or violating policies themselves. Every day, millions of employees read their emails. Consequently, in reading those emails, every day thousands of employees unknowingly open phishing emails, downloading malware viruses to their computer and company databases.Continue Reading Data security: The bad guys are stepping up their game. Are you?

Income tax season is arriving, and your company will soon be issuing W-2 forms to all of its employees. Now is a good time to remind all payroll and human resources personnel that a W-2 phishing scam, which has been around for a couple of years, is likely to arise again this year.

This phishing variation is known as a “spoofing” e-mail. It will contain, for example, the actual name of the company chief executive officer. In this variation, the
Continue Reading Don’t Fall for the W-2 Phishing Scam This Year!

To effectively guard against an enemy of any kind it’s important to know your enemy. This strategy is just as effective when fighting an online battle to protect your company’s data.

Before you can effectively defend against cyberattacks, it is important to educate yourself on potential threats and how to handle them. We invite you to join us on September 7 for part two of the Columbus Cybersecurity Series featuring FBI agent David Fine returns. During this portion of the
Continue Reading Real-Life Attacks On Business & What You Can Do To Deter A Cybercriminal – Event September 7

Law firms are increasingly becoming the target of cyber attacks. Below is a phishing attack email example. (You can read Diane Reynolds’ blog post on phishing attacks here.) Basically, bad guys want you to open an email and click on a link that provides them access to your computer and our network. There are some simple ways to spot a phishing email.

First, ask yourself why would UPS send you an email to complete a shipment? Never happens.

Second, why
Continue Reading Law Firms Targeted by Cyber Attacks