Telehealth creates new cyber and medical id theft risks.
In follow up to the July 2, 2020 article titled “MEDICAL-ID THEFT RISKS INCREASE”. That article we said” we need to be more vigilant about cyber scams, phishing scams, hackers, and insider threats. The threats that are targeting our online presence – including telehealth services.
The COVID-19 pandemic has increased consumer risks through cyber scams and medical identity theft.
Telehealth growth has exploded.
HealthITSecurity, states “the U.S. telehealth market was estimated at ~$3 billion with 11% of consumers using telehealth in 2019. Fast forward to pandemic-plagued 2020, the telehealth market is poised to grow to $250 billion with 46% of consumers now using telehealth, according to McKinsey & Company.”
“Unfortunately,” and according to HealthITSecurity, “these benefits are being offset by a variety of fraud schemes where healthcare fraud in the US is approaching $300 billion annually and while the Department of Health & Human Services and the Centers for Medicare & Medicaid Services eased their telehealth requirements to serve more patients during the pandemic, there could be an inadvertent wave of billing fraud and risk patient safety.”
The fact is, the COVID-19 pandemic has cyber scammers, phishing scammers, hackers, and even the insider threat targeting healthcare professionals and consumers.
Examples of fraud scams, phishing scams, hacking, and insider threats include:
Fraud scams including fake or fraudulent COVID-19 cures through fraudulent phone calls, fake social media content, and door-to-door sales.
Phishing and Vishing Scams including fake emails, texts and phone calls to get you to share personal information like account numbers, Social Security numbers, or your login IDs and passwords.
Hacking / Malware where hackers use malicious software such as viruses, worms, Trojan viruses, spyware, adware, and ransomware.
Insider Threats including current and former employees. The careless worker, the disgruntled employee, the malicious insider, and the outside contractor or vendor can all be threats.
While Telehealth is an emerging opportunity with great potential, Telehealth Creates Cyber Risks that could lead to identity theft.
According to this April 13, 2020, Association of Certified Fraud Examiners (ACFE) blog, “as Telehealth services proliferate, telehealth fraud schemes will continue to evolve (please see here).
Consumers need to be aware that theft of or using your personal information can also originate with Telehealth services. (e.g., name, Social Security number, Medicare number, etc.)
Consumers can also reduce their risk of medical identity theft by safeguarding their health insurance cards, regularly reviewing credit reports, medical benefit explanations, medical bills, and prescription bills.
Credit Freezes vs Credit locks, what you should know is that they are not exactly the same thing.
Credit freezes are now free, but credit bureaus are pushing you to lock your credit instead.
Why you want to know the difference
Consumers, in general, are more worried about identity theft than ever before and they should be. Identity theft is one of the fastest-growing crimes in the past years and will see a significant spike this year. According to a May 22, 2020 ComputerWeekly.com article titled Covid-19 will leave organizations exposed to higher cyber risks (please see here https://www.computerweekly.com/news/252483503/Covid-19-will-leave-organisations-exposed-to-higher-cyber-risks), “hacking attacks and phishing emails could become the new norm.”
The fact is the risk of a data breach event is now higher than ever based on the “increase in phishing email attacks, malicious keylogger attacks and the distribution of password-stealing software.” This means that consumers are more exposed now more than ever and might not know for months or even years that their Personally Identifiable Information (PII) was stolen.
Since the COVID-19 crisis began, state and federal law enforcement has reported on numerous cybersecurity attacks and phishing scams including:
Sophisticated COVID-19 related phishing attacks that use PDF attachments to bypass software security defenses
Fake shipping emails pretending to be from FedEx and UPS to trick customers into downloading malware
Phony LinkedIn “connect” and Facebook “friend” requests to trick users into downloading malware
Fraudulent small business lending emails targeting small business owners including small law firms
New and innovative “vishing” phone scams impersonating government organizations and charities to solicit donations
With the increase in cyber scams, breaches, and ID theft during the current COVID-19 crisis, consumers might consider placing a credit freeze on their credit report.
A credit lock and a credit freeze are similar forms of protecting your credit reports from being accessed by identity fraudsters. The two are often used interchangeably but they are different.
Freezing your credit with each of the three credit bureaus, Equifax, Transunion, and Experian restrict access to your credit for anyone attempting to access it. Access is granted only when you unfreeze your credit. Freezing and unfreezing your credit is free, by law, and requires you to use a password-protected account or pin number.
Locking your credit accomplishes the same restriction to your credit. But unlocking your credit is very easy and can be done immediately at any time. Unlocking can be done on your computer or your phone. This is beneficial because it is far easier to lock and unlock than it is to freeze and unfreeze. You will pay for the convenience of this service.
Both Freezing and Locking your credit prevent others from accessing your credit information, eliminating the possibility that a fraudster could open a new credit account in your name.
CREDIT FREEZES vs CREDIT LOCKS…The choice is yours but both options are worth considering to protect you and your family members.
The Federal Bureau of Investigation (FBI) sends out warnings of emerging Health Care Schemes related to the COVID-19 Pandemic
The FBI is warning the public about several emerging health care fraud schemes related to the COVID-19 pandemic.
“Criminals are actively manipulating the COVID-19 pandemic to their advantage,” said Calvin A. Shivers, assistant director of the FBI’s Criminal Investigative Division. “We ask all Americans to remain vigilant to avoid falling victim to these schemes.”
Bad actors are selling fake COVID-19 test kits and unapproved treatments through telemarketing calls, social media platforms, and door-to-door visits. Many scammers promise free care to patients in order to gain access to their personal and health insurance information, including their dates of birth, Social Security numbers, and financial data.
The FBI wants the public to be aware of the following schemes:
COVID-19 Testing Schemes
Beware of individuals who contact you in person, by phone, or by email to tell you the government or government officials require you to take a COVID-19 test. These scammers will likely ask for your health insurance information, including your Medicare or Medicaid number, and other personal information. Prior health care fraud investigations have shown that once scammers obtain an individual’s personal information, they use it to bill federal health care programs and/or private health insurance plans for tests and procedures the individual did not receive and pocket the proceeds. Be cautious of any unsolicited offers that require or request your medical insurance information.
Also beware of individuals offering to sell you a COVID-19 test kit or supplies, especially when these contacts are unexpected. A physician or other trusted
health care provider should assess your condition and approve any requests for COVID-19 testing. Some scammers are selling fake at-home test kits; some are even going door-to-door and performing fake tests for money. Legitimate tests are offered free to patients when administered by a health care professional.
COVID-19 Treatment Schemes
Legitimate medical professionals and scientists throughout the U.S. are working hard to find a cure, approved treatment, and vaccine for COVID-19. Unfortunately, they don’t yet exist. At the same time, scammers are working hard to sell fake cures, treatments, and vaccines. Ignore unsolicited offers for these fake procedures. Do not provide any personal information, including your financial information, Medicare or Medicaid number, or private health insurance information to anyone offering them.
When an approved treatment or cure becomes available, the first time you hear about it will not be through an email, telephone call, online advertisement, or unsolicited in-person sales pitch from a stranger.
You should also beware of scammers claiming to be medical professionals and demanding payment for treating a friend or relative for COVID-19.
If you do receive treatment for COVID-19, be sure to check the medical bills and the explanation of benefits from your provider, government health program, or insurance company. Ensure your medical bills are accurate! If you spot an error, call your medical provider and your insurance company.
The U.S. Department of Health and Human Services, Office of Inspector General issued a COVID-19 Fraud Alert video to warn about several healthcare fraud scams.
The U.S. Centers for Disease Control and Prevention has posted extensive guidance and information on the Internet that is updated frequently. You may also consult your primary care physician for guidance.
With the growing Coronavirus impact on our society, scams are also growing exponentially. Below is a summary of several of the most common scams, and resources to help you stay ahead of this fraud in the midst of COVID-19.
Staying Vigilant Against Fraud in the Midst of COVID-19
In the midst of the COVID-19 pandemic, frauds and scams are emerging. Americans need to be aware that there are individuals attempting to profiteer from this emergency through online phishing scams, door-to-door COVID-19 testing offers, falsely promising free care, etc.
Report Suspected COVID-19 Fraud to National Center for Disaster Fraud Hotline:
Below is a list of 5 scams designed to defraud you in the midst of the COVID-19 pandemic.
Phishing Scams
We are all looking to keep up with all that is happening with the Coronavirus. Our eagerness and fear may be making us more vulnerable to fake coronavirus update emails, and texts. Think before you click on links, ask yourself if it makes sense. You may be one click away from being infected by malware and adding more stress to your life. Do not give out any personal information over the phone!
Fake Government Representations
The bad guys are pretending to be government representatives. Don’t respond to texts and emails about checks from the government. The details are still being worked out. Anyone who tells you they can get you the money now is a scammer.
Here is an example of a fake Government Representation:
As the U.S. government considers a financial relief package for citizens, false claims of the government sending a $1000 relief check to individuals are already in the works by scammers who seem to be a step ahead of any official decision. Fraudsters are posing as the government to collect your personal information such as Social Security numbers or bank account numbers to send out your “coronavirus financial aid” deposit.
Update and Donation Sites Websites designed to collect your Personal Identifiable Information (PII) are being published.
Some examples we have seen:
Coronavirus updates
Emergency Response Plan Sites
Donation Sites
Others include the “sale” of things like facemasks, sanitizer, test kits etc.
NO CURE… The FTC and FDA have jointly issued warning letters to seven sellers of unapproved and misbranded products, claiming they can treat or prevent the Coronavirus. The companies’ products include teas, essential oils, and colloidal silver.The FTC says the companies have no evidence to back up their claims — as required by law. The FDA says there are no approved vaccines, drugs or investigational products currently available to treat or prevent the virus. Read more about the warning letters.
Fake Jobs This has affected all of us in one way or another. Unfortunately, some have lost their jobs and are looking for a solution. The dirtbags know this and are creating fake job postings to entice some of us to participate in a scam or to provide PII. Make sure you know what you are applying for and do your research before you provide any information.
We are all dealing with this in our own ways but we need to be careful. Careful with each other but also with potential fraud in the midst of COVID-19.
If you think you have been a victim, please do not hesitate to reach out to us here at defend-id. Or if you spot a fraud please report it:
Report Suspected COVID-19 Fraud to National Center for Disaster Fraud Hotline:
I read a great article last week by Risk Based Security – a leader in vulnerability intelligence – about modern phishing attempts (please see here) and how Coronavirus Fear and Anxiety Drives Phishing Scams. “malicious attackers are targeting unsuspecting people on the web.”
This article said there was a “tendency to associate phishing with crude boilerplate emails, dubious attachments, and poor attention spans”. But, sophisticated “attackers were spoofing system update prompts or redirecting users to pages with all sorts of dubious code.”
But it gets worse. Cyber thieves and ID theft criminals didn’t are already taking advantage of fear and anxiety surrounding the global COVID-19 pandemic.
Risk-Based Security then released another article titled Coronavirus Isn’t the Only Virus Going Around (please see here) reporting that “malicious attackers will always find new ways to target individuals and organizations. This time, hackers are installing malware on computers and harvesting user credentials by preying on people’s curiosity and fear of the coronavirus (COVID-19).”
Phishing Example
One new phishing example is where “scammers pose as the Centers for Disease Control (CDC) advising that there are new COVID-19 cases reported in the user’s city and requesting that they follow a link to learn more. From there, clicking the provided URL covertly redirects the user to a spoofed login page. If the user completes the process by providing their credentials, they are now compromised.”
The Major Cause
For years I have written and spoken on how IT and hacking are the sizzle that makes the news headlines. However, the vast majority of data breach events are the result of phishing emails and not high technology hacking tools.
According to the FBI’s Internet Crime Complaint Center (IC3) 2019 Internet Crime Report (please see here), phishing scams were the most common type of internet crime last year where 114,000 U.S. consumers lost more than $57.8 million in 2019 as the result of phishing.
Let’s not forget…
that cyber and ID theft criminals pretend to be trustworthy to trick people into handing over personal details or account information. Now COVID-19 related scams are showing up in multiple locations including the internet, your work email, and your personal email.
Based on the severity of our national emergency and because of Coronavirus Fear and Anxiety Drives Phishing Scams – we need to be diligent and aware of the numerous phishing emails and scams in the foreseeable future.
By Mark Pribish
Vice President and ID Theft Practice Leader
John Iannarelli, former FBI Special Agent offers 4 SMB Cybersecurity tips. Is your business safe from the cybersecurity threat?
According to the Allianz Risk Barometer for 2020, cyber incidents ranked as the number one business risk in its ninth annual survey of risk experts.
Based on the above, I just interviewed former FBI Special Agent John Iannarelli (http://fbijohn.com/) in between his national television appearances on Fox News and Fox Business.
Mr. Iannarelli retired from the FBI after more than 20 years of service, during which time he was the FBI’s National Spokesperson, on the FBI Cyber Division executive staff, an FBI SWAT team member, and the Assistant Special Agent in Charge of the FBI’s Phoenix Division, where he oversaw all Criminal, Cyber, and Counter Intelligence investigations throughout Arizona.
Since leaving the FBI, Mr. Iannarelli is an active contributor for national news outlets, keynote speaker, author, and security consultant.
I asked Mr. Iannarelli for simple advice on how to keep small businesses safer in 2020. Here are his 4 cybersecurity tips for small businesses and sole proprietors:
Ransomware
“Maintaining a strong firewall, keeping your security software up to date, and the patching of vulnerable software is critical”, said Iannarelli. He also said, “The restoration of your computer files from a backup is the fastest way to safely regain access to your data.” Mr. Iannarelli recommends “to not pay the ransom as there is no guarantee that you will be able to regain access to your files and that once you pay the cybercriminals they are likely to attack again.”
Hackers steal consumer data from devices connected to unsecured networks by positioning themselves between you and the connection point. This means that instead of talking directly with the hotspot, you end up sending your data to the hacker. Mr. Iannarelli recommends “use of VPNencryption to help prevent cybercriminals from hacking into your Wi–Fi connection and intercepting the data you send and receive.”
Vendor Due Diligence
According to the Ponemon Institute, third-party breaches remain a dominant security challenge for small and large businesses. Over 63% of data breaches are linked to a third party. He said, “Small businesses should establish information security and governance best practices including a data breach and incident response policy and plan.”. A plan will protect your business, help win new business, and elevate your due diligence profile.
State and Federal Notification Laws
Since the United States does not have a Federal Privacy law. Mr. Iannarelli stated“understanding current state privacy laws where your small business conducts business is critical to responding to a data breach event in a timely and effective manner.”
If you have been victimized by an online scam or any other cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office.
By Mark Pribish
Vice President and ID Theft Practice Leader
Telehealth growth has exploded.
Freezing your credit with each of the three credit bureaus, Equifax, Transunion, and Experian restrict access to your credit for anyone attempting to access it. Access is granted only when you unfreeze your credit. Freezing and unfreezing your credit is free, by law, and requires you to use a password-protected account or pin number.
Locking your credit accomplishes the same restriction to your credit. But unlocking your credit is very easy and can be done immediately at any time. Unlocking can be done on your computer or your phone. This is beneficial because it is far easier to lock and unlock than it is to freeze and unfreeze. You will pay for the convenience of this service.
COVID-19 Testing Schemes
COVID-19 Treatment Schemes
