During the coronavirus pandemic, providers are doing their best to operate as normally as possible to avoid delays in patient care. Security continues to be a critical piece of maintaining operational efficiency, and the Federal Communications Commission has identified new COVID-19 scams and cyberattacks attempting to take advantage of the pandemic. Take note of the following considerations and expert recommendations to protect your organization during this time.
First and foremost, ensure your staff is informed about recent recommendations from the FCC regarding COVID-19 consumer scams. Scammers are attempting to exploit individuals through text message hoaxes that make claims about government-mandated quarantines or financial relief offers, most likely in an attempt to get banking or other personal information from victims. In addition, robocalls are being used by scammers to offer free test kits or fake cures in exchange for account information or money.
Consumers are advised to not respond to these messages and to never click on links or share personal information via phone or email. Complaints can be filed online at https://consumercomplaints.fcc.gov/hc/en-us.
In response to CDC guidelines for social distancing, providers are increasingly turning to telemedicine to treat patients. Along with the surge in the use of telehealth services, cyberattackers are more aggressively targeting video conferencing platforms.
One popular videoconferencing service, Zoom, experienced a massive increase in users – along with an increase in privacy issues. The company has formed a CISO council and advisory board to identify and improve upon weaknesses in its platform, including a transparency report and a 90-day plan.
While video call platforms are facing unprecedented issues due to COVID-19 cyberattackers, providers should take care to ensure that proper privacy settings are enabled and that security and compliance recommendations are followed.
In addition, the Office for Civil Rights has paused many investigations due to the coronavirus. Earlier in March, President Donald Trump announced that his administration would not be enforcing HIPAA penalties. In early April 2020, the American Hospital Association warned of someone posing as an Office for Civil Rights investigator in order to obtain private health information.
The OCR recommends that HIPAA-covered entities and their associates notify their staff and take steps to verify a person’s claim of being an OCR investigator. This process can include asking for the individual’s email address, which will end in @hhs.gov, and requesting a confirmation email from the investigator’s hhs.gov account.
As healthcare providers continue to dedicate hours to combat COVID-19, security must remain a key component of these efforts. The recommendations above are a great start to ensuring staff is informed and protected against potential scams and cyberattacks. Staying up to date on government recommendations and news will help organizations continue to focus on patient care without worrying about these issues.