Telehealth Creates Cyber Risks

Telehealth Creates Cyber Risks

Telehealth creates new cyber and medical id theft risks.

In follow up to the July 2, 2020 article titled “MEDICAL-ID THEFT RISKS INCREASE”.  That article we said” we need to be more vigilant about cyber scams, phishing scams, hackers, and insider threats.  The threats that are targeting our online presence – including telehealth services.

Based on the reader response and an article by HealthIT Security, Telehealth is the New Normal, But so is Online Fraud, we thought it appropriate to continue the discussion…

The COVID-19 pandemic has increased consumer risks through cyber scams and medical identity theft.
MEDICAL-ID THEFT RISKS INCREASETelehealth growth has exploded.

HealthITSecurity, states “the U.S. telehealth market was estimated at ~$3 billion with 11% of consumers using telehealth in 2019. Fast forward to pandemic-plagued 2020, the telehealth market is poised to grow to $250 billion with 46% of consumers now using telehealth, according to McKinsey & Company.”

“Unfortunately,” and according to HealthITSecurity, “these benefits are being offset by a variety of fraud schemes where healthcare fraud in the US is approaching $300 billion annually and while the Department of Health & Human Services and the Centers for Medicare & Medicaid Services eased their telehealth requirements to serve more patients during the pandemic, there could be an inadvertent wave of billing fraud and risk patient safety.”

The fact is, the COVID-19 pandemic has cyber scammers, phishing scammers, hackers, and even the insider threat targeting healthcare professionals and consumers.

Examples of fraud scams, phishing scams, hacking, and insider threats include:
  • Fraud scams including fake or fraudulent COVID-19 cures through fraudulent phone calls, fake social media content, and door-to-door sales.
  • Phishing and Vishing Scams including fake emails, texts and phone calls to get you to share personal information like account numbers, Social Security numbers, or your login IDs and passwords.
  • Hacking / Malware where hackers use malicious software such as viruses, worms, Trojan viruses, spyware, adware, and ransomware. 
  • Insider Threats including current and former employees.  The careless worker, the disgruntled employee, the malicious insider, and the outside contractor or vendor can all be threats.

While Telehealth is an emerging opportunity with great potential, Telehealth Creates Cyber Risks that could lead to identity theft.

According to this April 13, 2020, Association of Certified Fraud Examiners (ACFE) blog, “as Telehealth services proliferate, telehealth fraud schemes will continue to evolve (please see here).

Consumers need to be aware that theft of or using your personal information can also originate with Telehealth services. (e.g., name, Social Security number, Medicare number, etc.)

Consumers can also reduce their risk of medical identity theft by safeguarding their health insurance cards, regularly reviewing credit reports, medical benefit explanations, medical bills, and prescription bills.

by Mark Pribish

 

Other Articles around COVID-19 and fraud:

4 SMB Cybersecurity Tips from the FBI

4 SMB Cybersecurity Tips from the FBI

John Iannarelli

John Iannarelli, former FBI Special Agent offers 4 SMB Cybersecurity tips.  Is your business safe from the cybersecurity threat? 

According to the Allianz Risk Barometer for 2020, cyber incidents ranked as the number one business risk in its ninth annual survey of risk experts.

Based on the above, I just interviewed former FBI Special Agent John Iannarelli (http://fbijohn.com/) in between his national television appearances on Fox News and Fox Business.

Mr. Iannarelli retired from the FBI after more than 20 years of service, during which time he was the FBI’s National Spokesperson, on the FBI Cyber Division executive staff, an FBI SWAT team member, and the Assistant Special Agent in Charge of the FBI’s Phoenix Division, where he oversaw all Criminal, Cyber, and Counter Intelligence investigations throughout Arizona.

Since leaving the FBI, Mr. Iannarelli is an active contributor for national news outlets, keynote speaker, author, and security consultant.

I asked Mr. Iannarelli for simple advice on how to keep small businesses safer in 2020.  Here are his 4 cybersecurity tips for small businesses and sole proprietors:

Ransomware

Maintaining a strong firewall, keeping your security software up to date, and the patching of vulnerable software is critical”, said Iannarelli. He also said, “The restoration of your computer files from a backup is the fastest way to safely regain access to your data.”  Mr. Iannarelli recommends “to not pay the ransom as there is no guarantee that you will be able to regain access to your files and that once you pay the cybercriminals they are likely to attack again.” 

Free Public Wi-Fi  (Public Wifi is Putting You at Risk)

Hackers steal consumer data from devices connected to unsecured networks by positioning themselves between you and the connection point. This means that instead of talking directly with the hotspot, you end up sending your data to the hacker. Mr. Iannarelli recommends “use of VPN encryption to help prevent cybercriminals from hacking into your WiFi connection and intercepting the data you send and receive.” 

Vendor Due Diligence

According to the Ponemon Institute, third-party breaches remain a dominant security challenge for small and large businesses.  Over 63% of data breaches are linked to a third party. He said, “Small businesses should establish information security and governance best practices including a data breach and incident response policy and plan.”.   A plan will protect your business, help win new business, and elevate your due diligence profile.

State and Federal Notification Laws

Since the United States does not have a Federal Privacy law.   Mr. Iannarelli stated“understanding current state privacy laws where your small business conducts business is critical to responding to a data breach event in a timely and effective manner.” 

If you have been victimized by an online scam or any other cyber fraud, be sure to report it to the FBI’s Internet Crime Complaint Center at www.IC3.gov or call your local FBI office.

By Mark Pribish
Vice President and ID Theft Practice Leader

error

Enjoy this blog? Please spread the word :)