Medical Practice Vulnerabilities during COVID-19: Cybercrime

In the mist of the COVID-19 pandemic, medical practices are overwhelmed with the number of patients seeking testing and office visits related to COVID-19. Interpol has released a “purple notice” to its 194 member countries warning them of the heightened ransomware threat during the pandemic. The threat of cybercrime has increased in the United States against organizations dealing with the pandemic, as reported by a statement released by Microsoft Corp. Ransomware and malware are forms of cybercrime which are used to disrupt entities who conduct business over “internet of things” devices. As most medical practice in the United States have converted to electronic medical records, they are the prime target for Cybercriminals.

A list of suspicious internet domains has been collected by Interpol, as they conduct investigation into these threats and are assisting in investigating victims who have be attacked. Healthcare providers should be most cautious now during this escalation of attacks. Most victim entities are hacked or held ransom due to employee error a large percentage of the time. Becoming aware on how to prevent these cybercrimes has never been more important. If a medical practice is breached by malware or held ransom, the medical practice is required to report said attack to the local and federal governing agencies. In addition, an attack can force you to close your practice down and avail you to thousands of dollars in penalties.

A few tips which employers should consistently remind employees who work via “internet of things” are do not open emails which are from senders who are not familiar to the employee. Do not download software onto work computers which are not from trusted sources. Only click on webpage links which are verified, by hovering the mouse pointer over the webpage link. Keeping a daily backup of patient database is strongly recommended for those medical practices who store information at the physical practice location.

Although the Office of Civil Rights (hereinafter “OCR”), has release leniency over privacy rules under HIPAA requirements, they have still advised that other protocols are still active and in place under the security rules and other privacy regulations. The OCR is releasing weekly guidance on HIPAA and privacy concerns related to the COVID-19 outbreak.


For additional tips and ways to protect your medical practice, please contact Carlos H. Arce, Esq. from the law offices of Lubell Rosen.


This article does not bind me as your lawyer (unless you have presently retained our series through a retainer agreement). This article is not intended to serve as legal advice and is purely educational and informative. Please consult a healthcare attorney for legal advice on the content of this article. If you wish to engage Carlos H. Arce, Esq. and/or Lubell Rosen for legal advice please contact the Fort Lauderdale office 954-880-9500 or cha@lubellrosen.com. The information contained in this article is based on current times and is subject to change. 


Share this Post:

Carlos H. Arce,  Esq.

 cha@lubellrosen.com
 (954) 880-9500
 V-Card