skip to main content


OCR Reminds Organizations of Available Cyber Threat Resources

May 2, 2020

On April 30, 2020, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) issued a notice regarding available cyber threat resources to assist healthcare organizations during this period of heightened cyber security challenges, as healthcare organizations have begun relying more heavily upon telehealth and remote working structures to continue their operations. OCR highlighted the following resources in its notice:

  • OCR Cyber Attack Quick Response Checklist & Infographic. In response to the WannaCry ransomware attack in 2017, OCR developed a checklist and corresponding infographic to assist HIPAA covered entities and business associates to recognize and respond to certain culprits engaged in cyber-related security attacks.
  • FBI Notice regarding COVID-19 Email Phishing Against U.S. Healthcare Providers. On April 21, 2020, the Cyber Division of the Federal Bureau of Investigation (“FBI”) issued a notice that identifies COVID-19 email phishing attacks against U.S. healthcare providers and provides recommended mitigation tactics against such attacks. The notice explains that the phishing attacks use emails with COVID-19 related subject lines and content to disseminate malicious attachments.
  • IC3 Advisory Regarding Online Extortion Scams. On April 20, 2020, the FBI Internet Crime Complaint Center(“IC3”) issued an advisory regarding an increase in reports of online extortion scams during the COVID-19 public health emergency, as a result of the current state “stay-at-home” orders and the increased use of home computers during this time. The advisory lists a few common indicators of an online extortion scam and tips on how to protect oneself from being the victim of such a scam.
  • NSA Guide to Selecting and Safely Using Collaboration Services for Telework. The National Security Agency (“NSA”) recently published a notice that provides security assessment guidance about commercially available collaboration services for teleworkers. The notice sets forth criteria to consider when selecting a collaboration service and provides information for using online collaboration tools securely.
  • HC3 VTC White Paper. On April 3, 2020, the HHS Health Sector Cybersecurity Coordination Center (“HC3”) published a white paper that sets forth recommendations for healthcare and public health organizations to protect their stakeholders from malicious attacks while using video-teleconferencing (“VTC”) services, including Zoom and WebEx.
  • HC3 Brief on Cyber Threats. On April 23, 2020, the HC3 issued a brief on COVID-19 cyber threats that details the increase in Coronavirus-related threats, including phishing attacks and websites.

In these challenging times, it is important to remember that there will be bad actors who use the pandemic to corrupt systems for personal profit. It is important for all to be alert and aware so your organization does not fall victim to these schemes. If you have any questions regarding mitigating or responding to cyber threats during the COVID-19 crisis, please do not hesitate to contact any member of the Health Law Practice Group at Shipman & Goodwin LLP.

© Shipman & Goodwin LLP 2021. All Rights Reserved.