Blog Series: Staying HIPAA Compliant During COVID-19
Sarah Badahman, CHPSE, Founder/CEO, HIPAAtrek, St. Louis
Bethany Baty, Digital Marketing Director, HIPAAtrek, St. Louis
Margaret Scavotto, JD, CHC, President, MPA, St. Louis
Today is day three of a five day blog series on HIPAA issues that are relevant during COVID-19. Our goal is to help you remain compliant during these challenging times. ~ MPA and HIPPAtrek.
Watch out for COVID-19 cyber scams
The Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) issued a warning about increased hacker activity during the coronavirus pandemic: Defending Against COVID-19 Cyber Scams.
In this Alert, CISA warns the nation to be on guard against an increase in malicious cyber activity:
Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.
Likewise, the FBI addressed an “unprecedented wave” of cyber-attacks in the U.S.
Sadly, hackers are focusing their efforts on the three states hit the hardest by coronavirus: California, New York, and Washington – and hackers are targeting employees working from home. As the virus spreads in more states, this focus could broaden.
On Monday, the OIG sent out a Fraud Alert warning the public about a new fraud scheme preying on COVID-19 fears. Individuals are using telemarketing, social media, and in-person solicitation to offer COVID-19 tests to Medicare beneficiaries. The scammers obtain patients' personal information and Medicare information, and use it to submit fraudulent Medicare claims and commit identity theft. Individuals who think they need to be tested for COVID-19 should contact their physician or the health department, rather than responding to a solicitation.
CISA outlines precautions you can take to increase your security defense against COVID-19 inspired cyber-attacks:
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for more information.
In addition, now would be a good time to increase training on phishing scams and other malicious attacks. Consider providing staff with examples of malicious emails for training purposes, or use phishing drills.
HIPAAtrek and MPA can help make HIPAA compliance easier with policy downloads, training, and HIPAA software. Let us know if we can help.