The U.S. Department of Health & Human Services (HHS) Office for Civil Rights in Action (OCR) issued two alerts through its OCR privacy list on August 6, 2020, and another on August 10, 2020. The first issuance is regarding postcards being sent to health care organizations posing as official OCR communications. The second warns users and administrators of an identified malware variant used by Chinese government actors, known as TAIDOOR.

First Issuance: Fraudulent HIPAA communications.

The false postcard claims to be a notice of a mandatory HIPAA compliance risk assessment from a sender titled “Secretary of Compliance, HIPAA Compliance Division.” The postcard is written out to the HIPAA compliance officer of the health care organization encouraging recipients to access a URL, call, or email to take urgent action. The URL listed in the communication directs readers to a non-governmental website that markets consulting services.

The fraudulent postcard includes a notice stating:

“NOTICE: HIPAA violations cost your practice. The federal fines for noncompliance are based on the level of perceived negligence found within your organization at the time of the HIPAA violation. These fines can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for each violation.”

The OCR stresses that this communication did not come from the HHS or OCR and instead, is from a private entity.

First Issuance: How do I verify that a communication is from OCR?

All legitimate email communications from the OCR will end in @hhs.gov. The correct addresses for OCR’s headquarters and Regional Offices are listed on its website here.

First Issuance: OCR recommendations.

OCR recommends that HIPAA-covered entities and business associates alert their workforce members of this misleading communication. They advise that these covered individuals verify communications from OCR by looking for the OCR address or email address on previous and upcoming communications before taking any action.

The Federal Bureau of Investigation (FBI) should be made aware of suspected incidents of individuals posing as federal law enforcement. To report an incident, you can visit the FBI’s website here: www.fbi.gov/tips.

Second Issuance: Taidoor malware used by Chinese government actors.

On August 10, 2020, the OCR shared an update in conjunction with its partners at the HHS and the Assistant Secretary for Preparedness and Response (ASPR), regarding a Malware Analysis Report (MAR). Working with its U.S government partners, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Defense (DoD), a malware variant used by Chinese government cyber actors, known as TAIDOOR was identified.

According to CISA: “Taidoor is installed on a target’s system as a service dynamic link library (DLL) and is comprised of two files. The first file is a loader, which is started as a service. The loader decrypts the second file, and executes it in memory, which is the main Remote Access Trojan (RAT).”

The FBI is very confident that Chinese government actors are utilizing malware variants in combination with proxy servers to establish a presence on victim networks and exploit the network further.

Second Issuance: Suggested response actions & recommended mitigation techniques.

This MAR is being distributed by CISA, FBI, and DoD to enable network defense and reduce exposure to malicious cyber activity from the Chinese Government.

These U.S. government entities recommend that users or administrators “flag activity associated with the malware and report the activity to CISA or the FBI Cyber Watch (CyWatch) and give the activity the highest priority for enhanced mitigation.”

It is advised that if you or your organization fall victim to any cyber threats or incidents, that you email the HHS Health Sector Cybersecurity Coordination Center (HC3) at HC3@hhs.gov with CC to CIP@hhs.gov.

Read the full Malware Analysis Report on the CISA government site here.

Learn more about Chinese malicious cyber activity here.

There are many things you want to look out for when receiving questionable communications from any source. Click here to read our previous blog including more tips for recognizing scams.

You are safe & secure with PrimePay.

Start working with PrimePay today to help protect your business from fraud. Additionally, our all-inclusive payroll, tax, and HR bundle lets you focus on what matters most!

Click here to learn more or fill out the form below.

Disclaimer: Please note that this is not all-inclusive. Our guidance is designed only to give general information on the issues actually covered. It is not intended to be a comprehensive summary of all laws which may be applicable to your situation, treat exhaustively the subjects covered, provide legal advice, or render a legal opinion. Consult your own legal advisor regarding the specific application of the information to your own plan.