Shared from Health-ISAC to HHS-OIG to the Healthcare Sector
In a matter of only two days, tactical information shared by a member
within the Health-ISAC community became a nationwide alert to the entire
healthcare sector. Public / private partnerships enable Information Sharing
and Analysis Centers (ISACs) like Health-ISAC to move actionable
A Health-ISAC member recently noticed a postcard impersonating HSS with scare tactics claiming to be notices of a mandatory HIPAA compliance risk assessment. The member shared the postcard as well as a list of other network domains used by the scammers. The postcards are laced with scare tactics about HIPAA fines and even state a fabricated deadline and direct the recipient to a website purporting to be the OCR (Office for Civil Rights.)
When this information was shared to the H-ISAC community, the team at the H-ISAC Threat Operations Center notified HC3 (Health Sector Cybersecurity Coordination) who in turn worked with their OIG (Office of Inspector General) within HHS. OCR then issued a nationwide alert to the healthcare sector for awareness and protection from falling for scare tactics of an entity impersonating HHS.
About Health Information Sharing and Analysis Center
H-ISAC is a global, non-profit, member-driven organization offering healthcare stakeholders a trusted community and forum for coordinating, collaborating and sharing vital Physical and Cyber Threat Intelligence and best practices with each other. Members use this information to extend their security operations team and to create situational awareness, inform risk-based decision-making and mitigate against threats.
Learn more here https://h-isac.org/h-isac-membership/.