Providers must remain vigilant about cybersecurity and fraud schemes

Government agencies continue to warm about cybersecurity and fraud schemes.

By now, it’s no secret that the healthcare sector is a major target for cybersecurity attacks in various forms and fraudulent activity. Recently, three federal agencies, the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Centers for Medicare and Medicaid Services (CMS) (collectively “Agencies”) issued another warning about emerging fraud schemes and the related methods of attack. This warning was released in connection with COVID-19 and cyber threats and fraud in all forms.

Specifically, these Agencies alerted the public to the following items, among others:

• Requests asking you to pay out of pocket to obtain the vaccine or to put your name on a COVID-19 vaccine waiting list
• Offers to undergo additional medical testing or procedures when obtaining a vaccine
• Unsolicited emails, telephone calls, or personal contact from someone claiming to be from a medical office, insurance company, or COVID-19 vaccine center requesting personal and/or medical information to determine recipients’ eligibility to participate in clinical vaccine trials or obtain the vaccine
• Advertisements for vaccines through social media platforms, email, telephone calls, online, or from unsolicited/unknown sources
• Individuals contacting you in person, by phone, or by email to tell you the government or government officials require you to receive a COVID-19 vaccine
• Don’t share your personal or health information with anyone other than known and trusted medical professionals.
• Verify the spelling of web addresses, websites, and email addresses that look trustworthy but may be imitations of legitimate websites.
• Ensure operating systems and applications are updated to the most current versions.
• Update anti-malware and anti-virus software and conduct regular network scans.
• Do not enable macros on documents downloaded from an email unless necessary and after ensuring the file is not malicious.
• Do not communicate with or open emails, attachments, or links from unknown individuals.
• Never provide personal information of any sort via email; be aware that many emails requesting your personal information may appear to be legitimate.

Another item related to phishing is the use of cybercriminals attempting to “trick users into opening a ‘LinkedIn Private Shared Document’ and entering their login credentials into a fake LinkedIn login page, security researcher JB Bowers warms.” This message is delivered through LinkedIn; however, users who have their email attached to LinkedIn may also see it appear there. Proceed with extreme caution because the “LinkedIn Private Shared Document” literally does not exist and it should trigger alarm bells for the user.

In sum, cyberthreats are not going away and cybercriminals are becoming more crafty. Stay alert even during these overwhelming times. 

_{About the Author}

_{Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.}