Post By: Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek, St. Louis https://hipaatrek.com/, Bethany Baty, Digital Marketing Director, HIPAAtrek, St. Louis https://hipaatrek.com/, Margaret Scavotto, JD, CHC, President, MPA, St. Louis www.healthcareperformance.com
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about increased hacker activity during the coronavirus pandemic: Defending Against COVID-19 Cyber Scams.
In this Alert, CISA warns the nation to be on guard against an increase in malicious cyber activity:
“Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.”
Likewise, the FBI addressed an “unprecedented wave” of cyber-attacks in the U.S.
Sadly, hackers are focusing their efforts on the three states hit the hardest by coronavirus: California, New York, and Washington – and hackers are targeting employees working from home. As the virus spreads in more states, this focus could broaden.
CISA outlines precautions you can take to increase your security defense against COVID-19 inspired cyber-attacks:
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.
In addition, now would be a good time to increase training on phishing scams and other malicious attacks. Consider providing staff with examples of malicious emails for training purposes, or use phishing drills.