Features Navigation

Live Chat (800) 825-0224 Live Demo

← Back

Interpol’s Latest on COVID-19 Cyberthreats

Disclaimer: This blog article was written by an AdvancedMD partner. The views and opinions expressed in this article are those of the author(s) and do not necessarily reflect the official policy or position of AdvancedMD.

Interpol recently published an article on COVID-19 cyberthreats that discusses the increased risk of cyberattacks during, and perhaps as a result of, the pandemic. By understanding the threats, medical practices have a better chance of avoiding damaging cyberattacks. These threats include:

  • Malicious domains
  • Malware
  • Ransomware

In the latest wave of criminal cyberactivity, hackers are taking advantage of users’ need for information by registering domains with “COVID-19” in the name. This type of attack is hard to distinguish since there are many legitimate COVID-19 domains that provide valuable information. Surfing an illegitimate site may result in malware such as ransomware being installed on your computer. If the site outwardly encourages visitors to bookmark, return, and/or recommend the site to others, you should be wary of the source.

Another tact cybercriminals take is asking if you’d like to receive news and updates. By providing contact information, you’re allowing them to send spam that may contain malicious attachments. Too often, users end up opening an email with an important or critical news alert from this “trusted” source, only to discover later that their device has been infected with malware.

The site may even ask you to create an account with name, contact Information, username, and password. The risk here is that people often use the same username and password for multiple accounts. Once the hackers have a username and password, they can attempt logging into users’ email, online banking, and other internet services. With email access alone, they can send messages to any and all contacts with a link to the malicious site, recommending account registration. Clearly, this has the potential to spread malware and their viruses exponentially. And we all know the probable consequences of bank account access.

Fortunately, there are ways to combat these threats.

First, you can set up your office with an “allowed list” of domains using the hardware firewall that comes with your router. When using an allowed list, people inside your organization can ONLY visit those domains added to the list. If the domain is not on your list, people in your office simply cannot access the website. This option may take time to set up and manage, but it is typically highly effective.

You could also install an anti-malware service that integrates with your web browsers and provides a warning when somebody attempts to visit a known malicious domain. The effectiveness of this approach depends on the service and the domains it qualifies as malicious. Though this option can be easier to manage than the hardware firewall, it may be less secure.

A third option is integrating anti-malware with your email solution so it detects malicious attachments and removes them before a network user is able to open them. When employing this method, it’s essential to ensure anti-malware software is up-to-date and set to run regular system scans for any signs of malware.

Of all these methods, the best thing you can do is make sure all staff members are aware of these cyberthreat tactics, especially bringing attention to suspicious COVID-19 websites. Let your staff know that, in this day and age, it’s not safe to simply surf the web looking for information. More than ever, it’s safest and wisest to only visit known and trusted websites. It helps to point out that trusted websites typically come from academic institutions ending in .edu and government information websites ending in .gov.

You should also make sure system backups are done regularly and that the backups are stored offsite. If attached to your network, a backup may put your storage devices at risk, allowing them to get infected during the process.

Unfortunately, cyberhackers are always looking for new opportunities to infect computers in hopes of accessing, stealing, or holding personal data ransom. It’s up to us to remain vigilant, build our defenses, and protect the integrity and privacy of all our data.

For more information on cybersecurity and protecting your office network, please contact Dr. Michael Brody at TLD Systems.

http://www.tldsystems.com

[email protected]

or call

(631) 403 6687.



Michael Brody, DPM
Dr Brody has been actively involved in Computers and Medicine since the 1980’s. Dr Brody as a Residency Director at a VA hospital on Long Island and was present as the VA moved from paper records to computerized records. During this time, he was exposed to the stringent rules and regulations that government employees need to adhere to when protecting patient information. He co-founded TLD Systems with Warren Melnick to create a platform that doctors who wish to work in private practice have a cost-effective method of implementing HIPAA compliance in their practices in a manner that does not interfere with their ability to practice medicine. He has served on the Health Information Technology Standards Panel (HITSP), the Standards and Interoperability Framework (S&I), as a member of the Ambulatory Care Committee at the Certification Commission on Health Information Technology (CCHIT), and numerous other organizations. He is currently a member of the Physicians Committee at the Healthcare Information and Management Systems Society (HIMSS) and a co-Chair of the EHR workgroup at Health Level Seven International (HL7)

Topic:


Other Resources Related to This Topic


No results found

“The money I have invested in AdvancedMD is miniscule compared to the return. I have never been more efficient – ever – in my professional life as I am now.”

Jed Shay, MD
The Pain Care Center

Read the story  ›

“[Our] patients are very well-educated and well-informed, and they want to see results quickly. The practice has to run extremely efficiently and be accessible to them. The nice thing about [AdvancedMD] is it has allowed me to be more efficient both in and out of the office. Now I don’t have to come back into the office, which is great for my family and everything else. It saves me a lot of time – probably an hour a day on the three days I work in the second office.”

Keith Berkowitz, MD
Center for Balanced Health

Read the story  ›

“The best thing I ever did in private practice was getting AdvancedMD—it has liberated me.”

Estaban Lavato, MD
La Loma Medical Center

“Having integrated practice management and EHR is absolutely wonderful, you don’t have to flip back and forth between systems—all of your information is at hand when needed.”

Raju Raval, MD

Read the story  ›