Highlights from the HIPAA Journal

From the April 6th Newsletter

The HHS (United States Department of Health and Human Services) has issued a Notice of Enforcement Discretion covering healthcare providers and business associates that participate in the operation of COVID-19 community-based testing sites.

• The HHS will not impose sanctions and penalties in connection with good faith participation in the operation of COVID-19 community-based testing sites.
• The purpose of the notification is to help pharmacies, other healthcare providers, and their business associates to provide COVID-19 testing services and specimen collection at dedicated walk-up or drive through facilities, without risking a financial penalty for noncompliance with HIPAA Rules.

Microsoft released a patch for a critical vulnerability. But patching has been slow.

• 82% of public-facing Exchange servers remained vulnerable and had not been patched.
• The firm’s scan identified 433,464 public-facing Exchange servers, and at least 357,629 were vulnerable to an attack exploiting the CVE-2020-0688 vulnerability.

Cyber Hackers use COVID-19 as bait to perform cybercrimes.

• More than 140 phishing and malware distribution campaigns and report that the number of active campaigns continues to rise.
• In the past two weeks alone, Check Point Research reports there have been more than 30,000 domain names purchased related to the coronavirus or COVID-19.
• Barracuda Networks reports there has been a 600% increase in phishing attacks since the end of February

INTERPOL (International Criminal Police Organization) has issued an alert to hospitals over continuing ransomware attacks during the 2019 Novel Coronavirus pandemic.

• Hammersmith Medicines Research Group, which is poised to assist with the development of a vaccine for SARS-CoV-2, was attacked by the Maze ransomware gang, which published sensitive data stolen in the attack when the ransom was not paid.
• Attacks are also taking place through the exploitation of vulnerabilities in RDP and VPN systems, so it is essential for all software to be kept up to date and for patches to be applied promptly.

The Federal Bureau of Investigation has issued a warning following a rise in Business Email Compromise (BEC) attacks that are taking advantage of uncertainty surrounding the COVID-19 pandemic.

• One scam involved a scammer impersonating the CEO of a company and requesting that a scheduled $1 million payment be brought forward due to the Coronavirus outbreak and quarantine processes and precautions. In the emails to employees at an unnamed financial institution, the scammer provided different bank account details for the payment. The email address used by the scammer was identical to the email address of the CEO apart from a single letter.

An Advanced Persistent Threat (APT) group known as Kwampirs, aka OrangeWorm, is continuing to attack healthcare organizations and infect their networks with the Kwampirs Remote Access Trojan (RAT) and other malware payloads.

• The threat group has targeted primary and secondary domain controllers, engineer servers, software development servers that contain source code for software development, and file servers that are used as repositories for R&D data.