OCR offers resources for COVID-19 cyberthreats

May 5, 2020
Medicare Web

As cyber criminals continue to target healthcare organizations during the novel coronavirus (COVID-19) pandemic, the Office for Civil Rights (OCR) is providing the public with guidance and resources to help combat the threats.

On April 30, OCR issued an extensive list of resources to raise awareness of COVID-19-related cyber threats and help organizations detect, prevent, and respond to the threats.

The resources include a cyberattack quick response checklist, an FBI notice regarding email phishing attempts targeting healthcare organizations, additional notes and guidance from the FBI on the increase of online extortion scams during the COVID-19 pandemic, and similar guidance from the National Security Agency.

In addition, OCR included recent guidance from the Health Sector Cybersecurity Coordination Center (HC3) on mitigation and remediation for video-teleconferencing  risk factors. These recommendations from HC3 include the following:

  • Pay special attention to any voice or video conferencing software or other remote collaboration tools for the duration of the COVID-19 pandemic as these present an enticing target for malicious cyber threat actors.
  • Ensure all users are utilizing the most up-to-date teleconference software. Apply all operating system and application patches aggressively. For vulnerability management programs, ensure proper prioritization of systems and patches.
  • Conference managers should be especially careful when authorizing attendees to join a meeting. They should selectively specify who can share their camera, microphone, or screen.
  • Configure password protection for all conferences and protect those passwords accordingly.
  • Do not configure conferences to be available to the public, unless necessary. Do not post about conferences on unrestricted social media posts, unless necessary.

Finally, OCR provided a link to a Department of Health and Human Services (HHS)  presentation on COVID-19 cyber threats. The presentation, delivered on April 23, covered topics such as the fake Johns Hopkins coronavirus map scam and phishing emails disguised to look like they are being sent from a credible source such as the World Health Organization.

HHS noted an 800% increase in COVID-19 phishing from January to February, and a similar increase from February to March.

To access additional resources and information, visit OCR’s cybersecurity guidance page.

Related Topics: 
HIM/HIPAA