“As more of our employees work from home and are under the collective stress of the COVID-19 pandemic we become easy victims,” said David Ginsberg, PrivaPlan president. “Security reminders and awareness at this time are essential.”

Many in healthcare are dealing with upheaval in their workplaces due to converting employees to telecommuting and changing patient care to telemedicine. It’s been an intense couple of weeks and will likely keep on for a while. PrivaPlan’s Michaela Kahn warns that in the midst of this uncertainty, unfortunately, the threat of phishing and ransomware continues. Kahn shared a grim reminder that crime doesn’t take a break in difficult times, but instead ramps up.

Just as cybercriminals in the past had no qualms about using real life events and crises to steal data and make money – they are not showing any sign of letting up during the COVID-19 pandemic. In fact, they are already using fake Covid-19 information to scare or trick users into clicking on links and going to fake websites offering information, bogus cures, or shocking content. They have also started to send out fake emails about the federal government’s new stimulus package. There are also reports that phishing schemes around telecommuting and telehealth are making the rounds.

If you’re converting to telehealth and telecommuting, please make your users aware of how and when this will be implemented. Make sure instructions for using telemedicine software solutions are clear so that employees know how to spot a bogus spear-phishing email pretending to be the telemedicine platform you are using. And continue to inform your users about the risks of phishing emails on all topics – but particularly around the COVID-19 pandemic.

With the increased stress also comes increased risk. We recommend implementing an ongoing phishing simulation testing and training program as soon as possible. This is particularly important because vigilance can become relaxed when a user is working from home. “Phishing threats evolve on a daily basis, with bad actors using current events and fear to lure people into clicking on an unsafe web link, entering credentials or opening attachments,” said Ginsberg.

PrivaPlan is here to help. For questions about HIPAA and telecommuting or telemedicine, email or call our office at 505-466-1432. For questions about suspicious emails, take a screen shot, and send along to mkahn@privaplan.com. For information about implementing a Phishing Testing Program, call 505-466-1432 or email mkahn@privaplan.com.

OCR issues Notification of Enforcement Discretion

On March 20, the Office for Civil Rights (OCR) at the U.S Department of Health and Human Services (HHS) issued guidance on telehealth remote communications following its Notification of Enforcement Discretion during the COVID-19 nationwide public health emergency.

The Notification, announced that OCR is exercising its enforcement discretion to not impose penalties for HIPAA violations against healthcare providers in connection with their good faith provision of telehealth using communication technologies during the COVID-19 nationwide public health emergency.