Cybercriminals are exploiting the vulnerability of the healthcare community affected by COVID-19, the increase in teleworking, and medical professionals' need to stay current on coronavirus information. Ransomware attacks that lock down hospital networks and medical practices at this critical time have become more prevalent, as have other types of attacks. Phishing, remote access technical exploits, and targeting unsecured devices used by stay-at-home staff are a few of the other schemes being used by cybercriminals. This alert focuses on phishing schemes.
On April 21, 2020, the FBI Cyber Division issued a FLASH alert warning that cybercriminals are sending targeted phishing emails to US-based healthcare providers, using subject lines and content related to COVID-19. According to the alert, the emails contain malicious files that, when downloaded, are believed to create an intrusion vector that enables the attacker to exploit, dwell on and even exfiltrate information once the attacker gains access to the victim’s system.
The subject lines of the emails exploit healthcare providers’ need to keep up to date on COVID-19 information and the need to provide patients continuity of care in the event of disruption by COVID-19. The emails identified by the FBI had subject lines such as, “Information About COVID-19 in the United States,” “Business Contingency Alert – COVID-19”, and “Todays Update on COVID.” Perhaps even worse, some of the email subject lines have suggested that the email was from the World Health Organization.
The FLASH alert is to inform healthcare providers of the increased targeting they face as well as to ask that providers report back on receiving emails that appear to be part of this phishing scam. The FLASH alert explains:
If you or your company are targeted by a phishing campaign, please provide the FBI with a copy of the email with the full email header and a copy of any attachments. Please do not open the attachment if you or your organization does not have the capability to examine the attachment in a controlled and safe manner. Additionally, if you or your company is a victim of a cyber intrusion related to email phishing, please retain any logs, image(s) of infected device(s), and memory capture of all affected equipment, if possible, to assist in the response by the FBI.
The FBI recommends healthcare providers implement the following to mitigate their risk:
- Be wary of unsolicited attachments, even from people you know. Cyber actors can "spoof" the return address, making it look like the message came from a trusted associate.
- Keep software up to date. Install software patches so that attackers can't take advantage of known problems or vulnerabilities.
- If an email or email attachment seems suspicious, don't open it, even if your antivirus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the antivirus software might not have the signature.
- Save and scan any attachments before opening them.
- Turn off the option to automatically download attachments. To simplify the process of reading email, many email programs offer the feature to automatically download attachments. Check your settings to see if your software offers the option, and disable it.
- Consider creating separate accounts on your computer. Most operating systems give you the option of creating multiple user accounts with different privileges. Consider reading your email on an account with restricted privileges. Some viruses need "administrator" privileges to infect a computer.
- Apply additional security practices. You may be able to filter certain types of attachments through your email software or a firewall.
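A triage sketch for the spoofing, attachment-filtering and reporting points above, added here as an example and not taken from the FBI alert or from Lewis Roca: it parses a saved message with Python's standard library, never opens the attachment, and keeps the original header block intact for reporting. The blocked-extension list, the From/Return-Path comparison as a spoofing signal, and every address and file name are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr
from pathlib import PurePosixPath

# Subject lines quoted in the alert (lower-cased for comparison).
FLASH_SUBJECTS = ("information about covid-19 in the united states",
                  "business contingency alert", "todays update on covid")
# Assumption: attachment types a mail filter might block; set per local policy.
RISKY_EXTENSIONS = {".exe", ".scr", ".js", ".vbs", ".jar", ".iso", ".docm", ".xlsm"}

def _domain(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    return parseaddr(str(header_value or ""))[1].rpartition("@")[2].lower()

def triage(raw_bytes):
    """Parse a saved message; attachments are never opened or executed.
    Returns (findings, header_block), header_block being the original header."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    subject = str(msg["Subject"] or "").lower()
    if any(s in subject for s in FLASH_SUBJECTS):
        findings.append("subject matches a lure quoted in the alert")
    from_dom, rp_dom = _domain(msg["From"]), _domain(msg["Return-Path"])
    if from_dom and rp_dom and from_dom != rp_dom:
        findings.append(f"From domain {from_dom} != Return-Path domain {rp_dom}")
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
        if suffixes and suffixes[-1] in RISKY_EXTENSIONS:
            kind = "double extension" if len(suffixes) > 1 else "blocked type"
            findings.append(f"attachment {name}: {kind}")
    # Keep the header exactly as received, for the copy sent with a report.
    header_block = re.split(rb"\r?\n\r?\n", raw_bytes, maxsplit=1)[0]
    return findings, header_block.decode("utf-8", "replace")

def constructed_sample():
    """Build a constructed test message; every address and file name is made up."""
    msg = EmailMessage()
    msg["From"] = "Health Updates <notice@health-updates.example>"
    msg["Return-Path"] = "<bounce@mailer.example>"
    msg["To"] = "frontdesk@clinic.example"
    msg["Subject"] = "Todays Update on COVID"
    msg.set_content("Please review the attached update.")
    msg.add_attachment(b"constructed placeholder, not a real file",
                       maintype="application", subtype="octet-stream",
                       filename="covid_update.pdf.exe")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in triage(constructed_sample())[0]:
        print("FLAG:", finding)
```

A differing Return-Path is only a signal, since legitimate bulk mailers also use separate bounce domains; treat it as a reason to look closer, not as proof of spoofing.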
Lewis Roca attorneys can assist healthcare providers with the preventative management of data protection and cybersecurity risks as well as those who are responding to cyberattacks. We have developed a strategic alliance with eosedge Legal and engaged Doug DePeppe as a Strategic Advisor. Together, we have strong ties with the FBI and the newly formed global cyber threat hunting organization – the COVID-19 CTI League, which has received acclaimed attention in online media. DePeppe is a member of the COVID-19 CTI League, which coordinates with law enforcement and cyber service providers to support cybercrime protection for the healthcare industry. DePeppe and eosedge Legal complement the legal services the firm provides with the technical expertise and know-how to evaluate, mitigate and respond to cyberattacks in a fully informed manner. This specialized level of cyber service, with connections to the FBI and the CTI League, provides more protection for our clients as our team focuses on duties and exposures associated with data protection and cyberattacks. Lewis Roca attorneys are available to assist clients implementing data security practices and systems designed to mitigate the ever-present risk of cybercrime and to navigate the response when cyberattacks occur.
To see the FBI FLASH alert visit their website here.
For more information, please contact Hilary Wells at hwells@lewisroca.com, Doug DePeppe at doug@eosedgelegal.com or visit www.lewisroca.com.
This material has been prepared by Lewis Roca Rothgerber Christie LLP for informational purposes only and is not legal advice. Specific issues dealing with COVID-19 are fluid and this alert is intended to provide information as it is currently available. Readers should not act upon any information without seeking professional legal advice. Any communication you may have with a Lewis Roca Rothgerber Christie LLP attorney, through this announcement or otherwise, should not be understood by you to be attorney-client communication unless and until you and the firm agree to enter into an attorney-client relationship.
Tags: COVID-19 Rapid Response Team, Data Privacy and Cybersecurity, Health Care Regulation and Services
Hilary Wells is a partner in the firm’s Litigation Practice Group and serves as chair of the firm's Data Privacy and Cybersecurity Practice Group. She has represented a wide range of businesses including banks, financial advisors, private equity companies, insurance companies, and ...