FBI Issues New COVID-19 Cyber Alert for Healthcare Providers on April 21, 2020

On April 21, 2020, the American Hospital Association alerted its members that the Federal Bureau of Investigations (FBI) had issued an FBI Flash to update healthcare providers on additional cyber activity* that continues to exploit fears related to the COVID-19 pandemic. The FBI stated that it had been notified of targeted email phishing attempts against US-based medical providers. The phishing attempts use subject lines and content related to COVID-19 and distribute malicious attachments. Individuals or companies receiving email with unsolicited attachments that may be a phishing attempt should NOT open the email or email attachment if the individual or the company does not have the capability to examine the attachment in a controlled and safe manner.

FBI Alert provides technical details. The FBI Flash provides technical details about the phishing campaign to assist individuals and company IT personnel in identifying the malicious emails. The technical details include a list of email senders, email subject lines, attachment file names and hashes related to the phishing attempts.

The FBI Requests Assistance to Respond to the Threat. To assist in the FBI’s response to the COVID-19 phishing campaign, the targeted individual, or his or her company, is being asked to:

Continue reading

No Further Extensions for ICD-10 and MU Stage 2

strike before midnightUpdate:  On April 1, 2014, President Obama signed into law the “Doc Fix” bill, Public Law 113-93, which extends the deadline for ICD-10 for an additional year.  Section 212 of this law prohibits the Secretary of Health and Human Services from adopting ICD-10 code sets prior to October 1, 2015.

Everyone is a-twitter (pun intended) about the announcement on Thursday, February 27, 2014, from Marilyn Tavenner, the Administrator for the Centers for Medicare & Medicaid Services (CMS), that the deadline for adoption of ICD-10 will not be extended. Tavenner was the keynote speaker at the HIMSS14 conference, and numerous tweets from HIMSS attendees highlighted her assertion that CMS will stand firm on the October 1, 2014 deadline. All entities covered by the Health Insurance Portability and Accountability Act (HIPAA) must be prepared to use ICD-10 codes on transactions by this date.

Tavenner also affirmed that the deadlines for Stage 2 Meaningful Use (MU) will not be extended. Providers who are not meaningful users of Certified Electronic Health Record (EHR) Technology under the Medicare EHR Incentive Programs will face a penalty, in the form of Medicare payment adjustments. These payment adjustments will be applied beginning on January 1, 2015. Continue reading