The Department of Health and Human Services (HHS) suffered a cyber-attack on its computer systems aimed to create a campaign of disruption and disinformation in the form of undermining its response to the coronavirus. In light of this news, it is clear health care providers have more than enough to address.  Protecting your systems from cyber threats is more important than ever. The National Cyber Security Center (NCSC) is warning that criminals are looking to exploit the spread of the coronavirus through heightened cyberattacks and hacking campaigns. NCSC experts have spotted a range of scams including phishing attacks, credentials theft, ransomware campaigns and more. In fact, a joint alert also went out this week from United States Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) warning of criminal groups using COVID-19 as a lure in phishing emails.

So, what is a busy health care provider to do amidst all the other important patient and employee safety issues its currently facing? The answer is to review company-wide training and awareness.

Here are some tips:
  1. Alert employees that cyber security attacks are increasing and ask them to follow company policies and procedures.
  2. Send employees information about how to identify phishing emails.
    • Don’t open emails from an unfamiliar sender.
    • Many phishing emails have poor grammar, punctuation and spelling. Don’t open these.
    • Take note of the design and overall quality of the email. Is it what would you’d expect from the organization the email is supposed to come from?
    • Is it addressed to you by name, or does it refer to ‘valued customer’ or ‘friend’ or ‘colleague’? This can be a sign that the sender does not actually know you, and is part of a phishing scam.
    • Does the email contain a veiled threat that asks you to act urgently? Be suspicious of words like ‘send these details within 24 hours’ or ‘you have been a victim of crime – click here immediately’.
    • Look carefully at the sender’s name. Does it sound legitimate, or is it trying to mimic someone you know?
    • If it sounds too good to be true, it probably is. It’s unlikely that someone will want to give you money, or give you access to a secret part of the Internet.
  3. Ask employees to notify your IT department if they’ve received a suspicious email that may be phishing.
  4. Check out Volta’s Security Assessments and Training page here.

In conclusion, while cyber security is always important, health care providers should take extra steps to assure its work force is aware of and on the lookout for cyber attacks, as criminals start using the coronavirus as a means to invade IT systems.

Blog contributed by: Lisa Hinkle at McBrayer PLLC