Showing no signs of letting up on enforcement actions, the Office for Civil Rights (OCR) late last week settled an investigation against Metro Community Provider Network MCPN, a Colorado based federally qualified health center, for alleged HIPAA violations. The fine, a whopping $400,000 for the center, which provides health care services to low income patients, … Continue Reading
Another employee falls for a phishing attack. This time, it was an employee of the Washington University School of Medicine The employee received a phishing email on December 2, 2016, and fell for what looked like a real request, responded to it, which allowed access to employee email accounts, which included the health information of 80,000 … Continue Reading
The Office of Management and Budget (OMB) released a report this week indicating that federal agencies experience almost 31,000 cyberincidents in 2016. The Federal Deposit Insurance Corporation was responsible for 10 of 16 major incidents. These incidents resulted when personally identifiable information was able to be downloaded onto removable media. Despite the dismal number of … Continue Reading
On March 6, 2017, the Federal Trade Commission (FTC) released tips and a video to businesses that have been impersonated by Phishing schemes. The guidance, entitled “Has a phishing scam hooked your company’s good name?” provides businesses with several tips to respond to being impersonated through a phishing scheme. The tips include: Notify and alert customers … Continue Reading
W-2 phishing schemes continue to be a problem for companies in every industry. Last week, American Senior Communities based in Indiana announced that one of its employees was scammed through a phishing email and thereafter sent over 17,000 employees’ W-2 forms to the fraudulent emailer. Unfortunately, the scam was not discovered until a month after … Continue Reading
We continue to see all industries hit with W2 phishing scams, including the health care industry. Citizens Memorial Hospital, located in Bolivar, Missouri, was hit with the scam when one of its employees believed that an email received from another employee was legitimate, and sent the W2s of its employees from 2016 to a hacker. … Continue Reading
Just when I thought everyone knew about the continued W2 schemes, where phishing emails are used to get company employees’ W2 forms so the thief can file a false tax return and get a refund, several additional clients have been hit with the scheme and the thieves were successful. Just like after holiday sales in … Continue Reading
Cybersecurity hit the news hard in 2016. The number of high profile, and troubling, cyber incidents increased significantly. The Democratic National Committee and one of Clinton’s top advisor’s being hacked, with leaked emails by Russia, according to intelligence reports, may have influenced the U.S. election. Theft of document from the Mossack Fonseca law firm in … Continue Reading
Although every year we lament about the significance of data breaches in the past year, 2016 was by far the worst. Data breaches were rampant, victimizing every industry and numbing consumers in the process. It was so bad that consumers began to throw up their hands and say “My personal information is out there anyway. … Continue Reading
On November 28, 2016, the Office for Civil Rights (OCR) issued an Alert to its listservs that a phishing email is being circulated on “mock HHS Departmental letterhead under the signature of OCR”s Director, Jocelyn Samuels” to employees of HIPAA covered entities and business associates. The email looks official and tells the recipient that it … Continue Reading
I am watching Game 7 of the World Series, and it is the bottom of the 8th and the score is 6-6. It is very difficult to concentrate on this blog post. So I am taking the easy way out and reminding you to check the privacy settings on your LinkedIn account. What is the … Continue Reading
We previously reported that several U.S. Olympians’ medical records were posted online by the Russian hacking group Fancy Bear [view related post]. The World Anti-Doping Agency (WADA) has confirmed that the medical records of 25 more Olympic athletes have been accessed and released online. These athletes are from 8 countries, including 10 from the U.S., … Continue Reading
FireEye Labs has reported that the Locky ransomware continues to hit the health care industry hard and has increased in the month of August. Although the telecommunications, manufacturing, and aerospace/defense industries are also being targeted with Locky ransomware, the health care industry is being attacked with greater frequency and intensity. The health care industry should … Continue Reading
Those of you with Amazon Prime Now accounts love the convenience of getting goods delivered to your home RIGHT NOW, well at least within hours until Amazon drones become common place. But beware of recent reports that fraudsters are hacking into customers’ Prime Now account, buying expensive items, then waiting outside your home while you … Continue Reading
This article co-authored with guest blogger David Wang, a R+C summer associate and student at Boston College Law School Wire fraud crime has long been a problem for financial institutions and banks. However, wire fraud through email is a completely different beast. Originally characterized by law enforcement as an extension of traditional wire fraud, wire fraud by … Continue Reading
We can’t go a week without commenting on how rampant ransomware is in the industry. The FBI recently released a report confirming how devastating ransomware has become for U.S. businesses. According to the report, ransomware infections caused more than $1.6 million in losses in 2015. The FBI Internet Crime Complaint Center IC3 received 2,453 complaints … Continue Reading
We have been repeatedly warning our clients and readers about the massive and successful W-2 phishing schemes where hackers impersonate the CEO or CFO and send emails to payroll and/or HR folks in companies requesting W-2 forms of employees [see related posts here and here]. It became such a problem that the IRS issued an … Continue Reading
Experian Data Breach Resolution sponsored a recently released Ponemon Study entitled “Managing Insider Risk through Training & Culture.” The report is quite timely in light of all of the recent successful W-2 phishing schemes. The report is very informative and worth the read. The highlights include that 66% of the respondents “admit employees are the … Continue Reading
Phishing incidents in February that may have compromised the data of 3,184 patients, including their names, dates of birth, medical record and account numbers, dates of service and medical information is causing Wyoming Medical Center in Casper, Wyoming to notify the patients of the incident. Luckily, according to the medical center, no financial information or … Continue Reading
We have consistently reported about increased phishing attacks through emails that purport to come from high level executives, including CEOs. According to the FBI, the hackers use sophisticated social engineering to spoof company emails to “assume the identity of the CEO, a company attorney, or trusted vendor. They research employees who manage money and use … Continue Reading
On March 1, 2016, the Internal Revenue Service alerted the business community of an e-mail phishing scheme designed to convince employees to provide company-wide W-2 tax forms containing social security numbers and other personally identifiable information [view related post]. While the scam has taken different forms, the most prevalent approach is a purported internal e-mail … Continue Reading
We have frequently alerted individuals and companies about the increasing risk and success posed by sophisticated phishing schemes. It has become such a real and grave problem that the U.S. Computer Emergency Readiness Team of the Department of Homeland Security (US-CERT) has teamed up with the Canadian Cyber Incident Response Centre to issue a joint … Continue Reading
Tidewater Community College (Tidewater) has announced that the personal information, including names and Social Security numbers of 3,193 current and former faculty and staff members was compromised in a phishing scheme and the information has been used to file fraudulent tax returns. The hacker impersonated a Tidewater employee and asked another Tidewater employee to send … Continue Reading
It’s tax season. The dreaded April 15 federal tax filing deadline is looming. You try to be diligent, and you file your tax return early, hoping to get an early refund. But when you try to e-file your return, it gets rejected because you have already submitted your tax return and your refund has already been … Continue Reading
