COLORADO SPRINGS — A phishing scam is targeting U.S. medical providers. Hackers try to bait their victims by exploiting fear derived from the COVID-19 pandemic.
They use subject lines and content related to the coronavirus or COVID-19, like World Health Organization, COVID alert or purchase order, among others. They try to distribute malicious attachments which exploit mainly Microsoft Word files.
Once someone opens the Microsoft Document or link, hackers could likely infiltrate the network and gain access to personal data. In some cases, that would include patient information.
“It’s all attachments,” Certified Chief Information Security Officer, Certified Ethical Hacker Rodney Gullatte explained. “A lot of them are Microsoft Word documents like the old type, they used to be called “doc” and the other version, ‘docx.’ They have those four-letter extensions on the end so, I have been around medical operations here in town that have really old outdated versions of Microsoft Word and Excel and PowerPoint so those really old versions of Microsoft Word are really susceptible.” (CEO at Firma IT Solutions and Services)
Updating your software to Microsoft10 is also recommended because it is less susceptible to hacking.
Also, train employees not to open unfamiliar attachments or links and take advantage of the Pikes Peak Small Business Development Center for consulting.
If you or your company are targeted by a phishing campaign, you’re urged to contact the FBI here.