On April 11, 2023 – one month in advance of the end of the COVID-19 public health emergency (PHE) on May 11, 2023 – the federal Office for Civil Rights (OCR) confirmed that various Notifications of Enforcement Discretion issued under HIPAA during the PHE will expire at the end of the day on May 11
covid-19
Privacy Tip #352 – Don’t Get Scammed Ordering Your Free COVID-19 Test Kits
The federal government has implemented a program in which each household can order four free COVID-19 test kits through the United States Postal Service (USPS). This is a perfect opportunity for scammers to spoof the USPS site to try to obtain personal information from unwary users.
It is very easy to order the four tests…
Chinese-Based Hackers Alleged to Have Stolen $20M in COVID-19 Relief Fraud Schemes
According to NBC News and Reuters, the United States Secret Service confirmed that hackers from APT41, a criminal cyber-hacking group linked to the Chinese Communist Party, stole “at least $20 million in U.S. Covid Relief benefits, including Small Business Administration loans and unemployment insurance funds in over a dozen states.”
According to the report…
Class Action Filed Against Commonwealth of Massachusetts for Alleged COVID-19 Contact-Tracing Spyware Installation
This week, a lawsuit was filed in the U.S. District Court of Massachusetts against the Commonwealth of Massachusetts for its use of a COVID-19 contact-tracing app for residents’ mobile phones. However, very few residents voluntarily downloaded the app. The solution? The lawsuit alleges that Massachusetts caused the app to be downloaded to certain residents’ mobile…
Privacy Tip #323 – FTC Warns Consumers of FTC Imposters
It’s an old trick, but it works, so alerting our readers is worth repeating. The Federal Trade Commission (FTC) issued a Scam Alert this week warning consumers that fraudsters are impersonating FTC officials.
According to the Alert, scammers are “pretending to be FTC Commissioner Rebecca Kelly Slaughter and staff at the FTC. They’re emailing, saying…
Privacy Tip #312 -Impersonation Fraud Increased During Pandemic
Another fall-out from the pandemic is that impersonation fraud has increased dramatically. According to the Federal Trade Commission, “the COVID-19 pandemic has spurred a sharp spike in impersonation fraud, as scammers capitalize on confusion and concerns around shifts in the economy stemming from the pandemic.” Impersonation fraud costs “have increased an alarming 85 percent…
Update on Apache log4j and Kronos Security Incidents
It was a crazy weekend for cyber-attacks. People seem surprised, but those of us in the industry aren’t surprised one bit. It is very logical and foreseeable that hackers are leveraging attacks that have maximum disruption on multiple victims, including third-party vendors and their customers. It is a “one-stop shop” strategy that is used every…
Smart Health Cards, Vaccine Passports, and Privacy
Massachusetts Governor Charlie Baker and Rhode Island Governor Dan McKee recently announced that they are considering implementing vaccine passport programs in their respective states. Baker stated that he is working with other states to use a QR code system that allows users to scan to verify vaccination status. In Rhode Island, the Department of Health…
Phoenix Children’s Hospital Faces Privacy Lawsuit Over Inadvertent Release of Vaccine Exemption Information
An apparent email snafu has led to the filing of a putative class action against the Phoenix Children’s Hospital. The allegations stem from an email that was allegedly sent out to 368 people that outlined the protocols for employees with approved COVID-19 vaccine exemptions. The email set forth the protocols related to accommodations for such…
Ohio Medicaid Providers’ Personal Information Exposed by Vendor
Maximus, a contractor of the State of Ohio’s Medicaid program reported this week that it experienced a data breach that exposed Medicaid health providers’ names, dates of birth, Social Security numbers, addresses, and other information when it experienced a cybersecurity incident on May 15, 2021.
The incident involved unauthorized access to Maximus’s application that housed…