By Andrea Richard
In these trying times, of what feels like a surreal science fiction movie, cybercriminals and gangs of hackers are targeting healthcare professionals and medical organizations with online scams.
For instance, hackers have reportedly sent seemingly legitimate appearing emails from the Centers for Disease Control and Prevention, asking email recipients to click on a link and open attached documents. It’s not the CDC, but the hackers impersonating the federal organization in hopes of tricking people.
It happens often and more so since the COVID-19 pandemic, as reported.
Those emails sent, once someone clicks and/or opens malicious software, this quick action enables the bad actors to swipe data and information right off the computer, tablet, mobile phone and other devices connected online.
Any information saved into a browser such as usernames and passwords are at risk of being stolen.
Hackers have been aggressively ramping up their attacks on hospitals’ computer systems, seeking vulnerabilities to break into the networks. They are after health records, personal and financial information.
“It’s unfortunate, however, but in times of crisis and uncertainty, cybercriminals forge ahead to trick unsuspecting people into clicking on links and opening infected files with computer viruses known as malware, which is a software that can break into your computer’s system and cause all kinds of havoc and disrupt hospitals’ operations,” says Sanjay Deo, Founder and President of 24By7Security, a cybersecurity and compliance advisory firm.
As healthcare practitioners work under undue stress and navigate what is the new normal set of challenges, they do need to be mindful of online scams.
SkyCam reported in mid-March that an email campaign with malware was sent to healthcare professionals, making urgent claims for them to sign-up for a coronavirus awareness seminar. The email written with the subject “ALL STAFF: Corona Virus Awareness” seemed to come from their IT department. If a staff member proceeded, then the hackers were able to record them using their username and password credentials.
That’s all the info hackers need to get into accounts. It’s like leaving your front door unlocked and your keys in your car’s ignition.
Heatmaps were used in another scam, as reported by Krebs on Security, a cybersecurity news website. The heatmaps track details on the coronavirus outbreak, but they are infected with malware. What appears like an authoritative resource, is, well dangerous.
Cybercriminals are motivated by different things. They hack for monetary gain, of course, and they also exploit because of clashes in political ideology. They’ve been known to cause chaos by spreading, not only malicious software, but misinformation.
Whatever their motivatives are, there are ways to remain vigilant online and stay safe by following best practices. Take extra precautions and do not give out personal information, login credentials. Be careful while responding to any urgent requests because using a sense of urgency is a common tactic among scheming cybercriminals.
Tips from Stay Safe Online on avoiding being a victim of online scams
The following tips published by the National Cyber Security Alliance’s Stay Safe Online (staysafeonline.org), were edited for brevity.
- Think before you click. Cybercriminals are exploiting people during the COVID-19 outbreak. Cybercriminals are distributing malware campaigns that impersonate organizations like WHO, CDC, and other reputable sources by asking you to click on links or download outbreak maps. Go directly to a reputable website to access the content.
- Double check the website’s URL. Malicious websites may use a variation in spelling or a different domain (e.g., .com versus .net).
- When in doubt, verify. Unsure if an email request is legitimate? Verify it by contacting the company or person directly. Contact the company using information provided on an account statement, not information provided in an email.
- Do not give out information. Do not reveal any personal and financial information ever.
- Keep your computer clean. Use an updated anti-virus. Keep all software on internet-connected devices – including PCs, smartphones and tablets – up to date to reduce risk of infection from malware.
Security tips for working from your home
Use a company-issued Virtual Private Network (VPN) to access any work accounts. Update home routers to the most current software. Secure them with a lengthy, unique passphrase. Employees should not be connecting to public WiFi to access work accounts unless using a VPN.
Lock Down Your Login. Create long and unique passphrases for all accounts and use multi-factor authentication (MFA) wherever possible.
Limit user access to devices. Only the approved user should use the device (family and friends should not use a work-issued device).
Use company-approved/vetted devices and applications. Don’t install your preferred tools as opposed to ones that have been vetted by the company’s security team.
Update your software. Before connecting to your corporate network, be sure that all internet-connected devices ‒including PCs, smartphones and tablets ‒ are running the most current versions of software. Updates include important changes that improve the performance and security of your devices.
