The Department of Health and Human Services’ Office of Civil Rights is launching an initiative to arm health care professionals with more timely and in-depth information about security threats and vulnerabilities facing the health information sector.
The goal of the improved communications effort is to decrease breaches of electronic protected health information (ePHI) by increasing awareness of new or growing threats to health care data. Their first alert focuses on two tactics that are on the rise: ransomware schemes and tech support scams.
Ransomware: Holding Your Data Hostage
According to the FBI, cybercriminals around the world are ramping up attacks on U.S. targets, from home computers and mobile devices to businesses and institutions of all sizes.
Ransomware is malicious software that, when deployed, renders data inaccessible to authorized users and then forces them to pay anywhere from a few hundred to thousands of dollars to regain access to their own data.
Ransomware can infect devices and systems in a number of ways: spam and phishing messages, botnets, exploit kits, compromised websites and malvertising. The data thieves will often actively lure potential victims to compromised websites by convincing them to click on malicious email attachments or text messages.
A joint study conducted by several security firms estimates the creators of just one version of ransomware, “CryptoWall 3.0,” have acquired over $325 million from victims since introducing it last January. It, along with “CTB-Locker” and “TorrentLocker,” is among the top ransomware programs active today.
Anyone who’s been the victim of a ransomware scheme can contact the FBI’s Internet Crime Complaint Center or the Department of Homeland Security’s U.S. Computer Emergency Readiness Team.
Tech Support Scams: No Help Here
Reports of tech support scams are also on the rise, especially among older individuals.
It starts when a criminal, posing as a computer support technician, convinces a potential victim his or her computer is infected. The “technician” instructs the victim to visit specific websites on the premise this will fix the device, but visiting them instead downloads malicious software and gives the criminal access to the machine. The “tech” then turns around and charges sometimes hundreds of dollars to remove the alleged malware, or will sell the victim a fraudulent protection plan.
According to reports, the scam is often initiated with an unsolicited phone call, but cybercriminals have also made contact through pop-up ads that claim the victim’s computer is infected or promise to increase the performance and speed of the victim’s machine, as well as paid ads that an unsuspecting victim might see when conducting a legitimate search for support.
Microsoft’s Digital Crime Unit says tech support scams are the largest consumer scam happening in the U.S. Approximately 3.3 million people have been victims of the crime, losing $1.5 billion a year.
Better Business Bureau (BBB) Scam Tracker: A New Resource
The Better Business Bureau is hosting a new website that allows consumers to track scams reported in their area. It features a “heat map” of the number of reported scams based on area code, and a “Report Scam” function where consumers can report information if they’ve been the victims of fraud.
Visit the BBB Scam Tracker website https://www.bbb.org/scamtracker/us for additional information.
Clearwater’s products and services can help your organization. Contact us today.
We have assisted more than 400 customers to operationalize and mature their information privacy, security, compliance and information risk management programs. And in the process, we are raising the bar for safeguarding PHI, protecting millions of Americans and driving real value for the organizations we support and the healthcare industry at large.