News & Insights
Apr 4, 2020
Not only are healthcare providers under attack in the daily battle against the coronavirus, criminal actors are quickly taking advantage of relaxed HIPAA enforcement and standards, teleworking and the general intensity of the situation to exploit patient and other confidential information.
The Department of Health and Human Services, Office of Civil Rights (OCR) issued an alert on Friday that an individual posing as an OCR Investigator has been contacting providers in an effort to obtain patient information. If your organization is currently under investigation, an OCR Transaction number and investigator have been assigned to the matter. OCR recommends that prior to providing information request a confirming email from the OCR Investigator’s email address. If you have any questions, you may contact the OCR at OCRMail@hhs.gov.
Unfortunately, this is not the first instance and the bad actors have not been resting. Since the beginning of the emergency, and particularly with more frequent use of Facetime, Zoom and other readily available methods for conducting work remotely, there has been a marked increase in hacking incidents. According to Check Point Research, cyber-criminals are actively establishing dark net “stores” marketing malware and hacker services. Not even the Department of Health and Human Services (HHS) is immune. On March 16, HHS was the target of a campaign of disruption and disinformation aimed at undermining the COVID response and slowing government systems. HHS reported the attack was unsuccessful.
OCR provided a warning and advice on March 18 from the Department of Homeland Security, Cybersecurity and Infrastructure Security Agency (CISA). CISA warned of increased cyber-attacks through social engineering and phishing, recommended enhanced vigilance and the following:
Although, there are waivers and OCR enforcement discretion related to certain HIPAA standards, there remains the HIPAA obligation to maintain the security of patient information and, in the event of a breach, follow HIPAA (and applicable state) breach notification requirements.
CLICK HERE TO SUBSCRIBE TO Coronavirus CONTENT
Whether a current or prospective client, we are here to help your business thrive. Please send us a message and we will respond to your needs as soon as possible.
SEND US A MESSAGE