Security Awareness Reminders to Help Avoid Common Scams

Posted by John Dimaggio on Feb 9, 2016 2:14:40 PM

Healthcare organizations are facing a rising threat of malicious attacks that target protected health care information. The number of incidents that evade traditional security defenses is increasing at an alarming rate, and with the growing prevalence of EHRs, the playing field has become even more enticing to scammers. Couple this with tax season, and it seems like the email and phone scams increase substantially. While it’s always a good idea to be vigilant and help educate employees to be on guard, some extra reminders during this time of year can be a great benefit! Here are some common scams popping up again, as identified by the FTC:

  • A taxing situation. Internal Revenue Service imposters are the #1 imposter scam in Consumer Sentinel and they’re on the rise. Fake IRS agents may try to scare you into thinking that you owe back taxes or there’s a problem with your return. The real IRS won’t initiate contact by phone or email – instead they’ll start with a postal letter. 
  • Medicare masquerade. The sham government representative claims to work for Medicare or in connection with the Affordable Health Care Act or even a made-up agency that sounds a lot like Health and Human Services. They say they need to verify your bank account number — and it might sound convincing. Some callers may even know the first few numbers of your account, and say you just need to verify the rest. They threaten your medical benefits to get your personal information or fees from you. 
  • Social IN-Security. The e-mail subject says “Get Protected,” and the message has information about new features from the Social Security Administration (SSA) that can help taxpayers monitor their credit reports, and know about unauthorized use of their Social Security number. It even cites the IRS and the official-sounding “S.A.F.E Act 2015.” It’s a phishing email to get you to click on a scammer’s link and install malware, or the link might send you to a spoof site to trick you into entering your personal information. 
  • Prescription for Trouble. Someone calls and says you must join their prescription plan or you’ll lose your Medicare coverage. Don’t believe it. The Medicare prescription drug plan (also known as Medicare Part D) is voluntary and does not affect your Medicare coverage. 
  • Medicare-less. Someone calls or emails claiming they need your Medicare number to update your account, get you a new card, or send you Medicare benefit information. Perhaps they say they need “to confirm” your billing information. It’s a scam. If you need help with Medicare, call 1-800-MEDICARE or go to medicare.gov. Plan representatives are not allowed to ask you for payment over the phone or online.
  • Sur-prized? Did the Prize Patrol ring you up to say the only thing between you and a pile of winnings is a little processing fee? Before you call in the cameras, balloons and poster-sized check, hold the phone! If you need to send money to collect your prize, hang up. They’re just pretending to be from Publishers Clearinghouse. 
  • You need professional help. Maybe the con artist tries to persuade you that your computer is on the fritz. In this twist, scammers try to convince you that your computer has a serious and urgent technical problem and that you desperately need their help. 
  • Mal-where? Another version goes like this: “I’m calling from Microsoft Technical Support. I’m looking at your computer and there’s dangerous software popping up.” In reality – and you have my “Word” on this – it’s a scam. Put down the phone or refuse to click the pop-up. The fee they demand is usually very low to avoid raising your suspicions. Sometimes they say they’re from billing and you owe money or they need your account information.
  • Fake FBI. In an old twist on the Nigerian email scam, a phony G-man contacts you with supposed “certification” of the legitimacy of Prince So-and-So from the United Kingdom of Scamnation or some other official-sounding offer. The Prince supposedly wants you to help him move a, well, princely, sum of money out of his troubled country. Nope, not a chance. 
  • Kidnapped computers. You click on a link in an email that seems like it’s from a legitimate company. The window that pops up says a destructive program has locked you out of your files. The pop-up might tell you to click a link so an “FBI agent” can help you. Or they tell you to get a prepaid card and pay for a password that will unlock your files. More often than not, even if you pay the ransom, they don’t release your files. Regularly back up your files to minimize any damage these thieves could cause. 
  • I’ll grant you that… Imagine the caller posing as a government official – could be from the Treasury Department, Health and Human Services, Homeland Security or a made-up agency name with the word “federal” in it – with the surprising news that you’ve won a government grant for thousands of dollars. They encourage you to seal the deal by forking over hundreds of dollars in “taxes” or “fees.” 
  • Fueling fears. Another variation involves a phony Homeland Security caller who threatens immigrants with deportation notices. They offer, for a charge, to help you certify your immigration status. They hope scare tactics will get you off guard long enough to part with valuable information or money.
  • Caller ID Don’t. An emerging imposter scam involves misusing caller ID. Sometimes they make it seem that the Caller ID number is your telephone number. Others spoof the caller ID with “Mom” to get you to pick up the call.      

BlueOrange Compliance has been providing privacy and security assessments, remediation and guidance since the inception of HITECH, and has over 50 years of experience in technology security, compliance and healthcare. Our national client base consists of hospitals, physician provider practices, LTC Pharmacies, LPCs, CCRCs, homecare and hospice and business associates. If you want to learn how BlueOrange Compliance can help you turn HIPAA complexity into HIPAA compliance, visit us at blueorangecompliance.com.


 
