Kusserow on Compliance: Increase guard on cybersecurity during COVID-19 pandemic

Many health care organizations are facing attacks by cyber-criminals who are using the COVID-19 crisis to get individuals to be less vigilant about security. Hackers are taking advantage of the fears and uncertainty about the pandemic to gain access to systems through malware. These hackers impersonate health authorities such as NIH, CDC, and FDA to get individuals to open attachments that purportedly have important information on the spread of the disease, lockdowns, and quarantine. These new phishing scams have been rapidly spreading during the crisis.

As organizations move to expanded teleworking, their vulnerability to such attacks greatly increases. As new systems are introduced for remote working, steps need to be taken to ensure that security and privacy controls are in place. This is particularly important because employees may lower their guard when introduced to new, unfamiliar communication methods.

Even government agencies are subject to attack. HHS experienced a cyber-attack on its computer system, intended to disrupt and undermine the response to the coronavirus pandemic. The attack involved overloading the HHS servers with millions of hits over several hours in order to impair operation of the systems. Fortunately, HHS had no degradation of the functioning of its networks.

Tips and Reminders

  1. Alert employees to beware of COVID-19 communications
  2. Re-educate employees on phishing and social engineering defense tactics
  3. Remind employees not to click on email links or attachments, or respond to inquiries
  4. Review third-party vendors’ access to information systems
  5. Authenticate access, particularly as more employees work remotely
  6. Regularly test users to make sure they are on guard
  7. Configure email servers to block zip or other files that are likely to be malicious
  8. Monitor those accessing sensitive data

Richard P. Kusserow served as DHHS Inspector General for 11 years. He currently is CEO of Strategic Management Services, LLC (SM), a firm that has assisted more than 3,000 organizations and entities with compliance related matters. The SM sister company, CRC, provides a wide range of compliance tools including sanction-screening.


Copyright © 2020 Strategic Management Services, LLC. Published with permission.