Fake cell phone messages continue
Please be aware that CHA employees are still getting fake cell phone SMS texts on personal cell phones from attackers disguised as CHA staff such as Assaad Sayah.
The screenshot shows a text message that was received by a CHA employee.
Please report the message as junk on your phone and contact the Helpdesk when you receive a message such as this one.
4/14/2023
Fake cell phone messages continue
Please be aware that CHA employees are still getting fake cell phone SMS texts on personal cell phones from attackers disguised as CHA staff such as Assaad Sayah.
The screenshot shows a text message that was received by a CHA employee.
Please report the message as junk on your phone and contact the Helpdesk when you receive a message such as this one.
11/21/2024
AI Tools - A Message from CIO Jeannette Currie
Dear colleagues,
Over the past several months, we have seen an increase in the use of AI tools, which can take notes, write content, and perform other tasks. In fact, one was observed at CEO Assaad Sayah’s virtual CEO Forum on Tuesday. Unfortunately, these tools can cause problems with our IT infrastructure and cause security risks.
CHA has a policy and process to ensure such tools are safe and secure. Any AI tool, including notetaking support, that has not been approved by the AI Committee is prohibited. Anyone interested in using an AI-based tool at CHA should place a request through the IT Front Door. If you see an AI tool in a virtual meeting, please report it to our IT Helpdesk (helpdesk@challiance.org or 617-665-2468).
As we recognize these tools can be helpful, we will soon test Gemini, Google’s AI tool which can be used for notetaking during meetings, with a pilot group of CHA staff. Thank you for helping us to protect the privacy and security of our patients and colleagues.
Sincerely,
Jeannette Currie
Chief Information Officer
Cambridge Health Alliance
11/01/2024
Providers are targeted by scammers
Several local providers, including one at CHA, have recently been targeted in a scam attempt. In this scenario, the providers were all left a voicemail on their cell phones from a “Dan Crowley” from the Middlesex Sheriff's Office. They are being told it is a legal matter and that a certified letter was sent to the provider’s home address (which was provided by the caller) about testifying in a court case. If they do not comply, the caller states a warrant will be issued for their arrest. If you do get a call like this, please know that it is fraudulent. You can report it directly to the Middlesex Sheriff's Office (781-960-2800).
10/28/2024
Fake cell phone messages
Please be aware of fake SMS texts sent to personal cell phones by attackers disguised as CHA staff, who are trying to trick staff into purchasing gift cards and providing the gift card numbers to them.
The screenshot shows a text message received on Monday, sent by someone pretending to be Assaad Sayah.
Please report the message as junk on your phone and contact the Helpdesk when you receive a message such as this one.
10/22/2024
Changes to Imprivata Approval Process
Starting on October 21, 2024, CHA staff will notice a change in the Imprivata approval screen as they perform Multi-Factor Authentication (MFA). This change allows for greater security when accessing content away from a CHA location.
For more information click HERE
10/16/2024
Phishing emails impacting CHA
CHA is experiencing increased phishing/malicious emails.
Please note these malicious emails come in many disguises and below is illustrative of just one current phishing campaign being used against CHA staff.
Details of this Phishing Attempt:
Email Subject: Completed document: HR
Sender’s Address: varies, CHA is now receiving these emails from multiple addresses
Immediate Actions Required (on any suspect emails you receive):
Do Not Click Any Links: If you receive an unexpected email similar to below, do not click on any links within. These links may attempt to capture your Microsoft account credentials, compromising your personal and professional data.
Report and Block the Sender: At the top of your Gmail window, click the small stop-sign "Report spam". This will help prevent further malicious emails from reaching you.
Stay Vigilant: Always verify the authenticity of any email requesting you to log in or provide personal information.
05/24/2024
eAlert emergency communication system
CHA is making changes to its eAlert emergency communication system.
Beginning Tuesday, April 16, 2024, all employees will be enrolled in this system so we can inform you of emergency events affecting one or more of Cambridge Health Alliance's healthcare facilities.
Additionally, due to the increase in cyber crime especially impacting healthcare organizations, your contact information will also be used by the Helpdesk to verify user identity going forward. Please make sure that your information is accurate; otherwise, Helpdesk support might be limited. A further announcement on Tuesday will provide a link to the eAlert system for your review.
At least one method of contact (cellphone, personal email, or landline) will be required as a way to reach you in case of external emergencies that impact CHA.
The eAlert system will not be used for routine communication.
This data is securely stored and only used for the purposes described above. For questions please contact the Helpdesk.
04/11/2024
MFA Spamming
Do not approve Imprivata notification on your phone if you are not in the process of logging into a CHA account. This could be a hacker trying to use your account. Decline the notification and contact the Helpdesk. To learn more about the topic please click here.
02/28/2024
Fake cell phone messages
PLEASE NOTE: some CHA staff are receiving fake SMS texts on their personal cell phones from attackers disguised as CHA staff, who are trying to trick staff into purchasing gift cards and then providing them to the attackers.
This "smishing" scam is prevalent these days, not just at CHA, and staff are asked to be vigilant about any unexpected messages.
Do not correspond with anyone you were not expecting a message from; report any instances to the Helpdesk.
A reference on these kinds of malicious activity can be found at:
https://www.cisa.gov/news-events/news/avoiding-social-engineering-and-phishing-attacks
Displayed is an example received today by CHA staff:
01/19/2024
Beware of Gift Card Scams
This is the time of the year when we see an uptick in gift card scams. These could be in the form of emails, phone calls, text messages, or at the store.
11/30/2023
Cybersecurity Alert
CHA’s IT department was recently alerted to a gift card scam that has targeted a couple of off-shift managers at CHA via text on their cellphones. The text simulates a message from CEO Assaad Sayah, MD offering a gift card – see example below:
"Hi Diana, Text me back as soon as you see my message, Assaad Sayah"
Please be aware of this scam, and do not respond to any unknown phone numbers. Please contact the Helpdesk with any questions.
11/13/2023
Cybersecurity & Infrastructure Security Agency article and video
The US Government has declared October Cybersecurity Awareness Month. The Cybersecurity & Infrastructure Security Agency has put this article and video together to give us some reminders on things we can do to stay safe. Please take 2 minutes to watch the video and spread the word. Let's protect ourselves and help keep each other safe.
CISA.gov (Cybersecurity & Infrastructure Security Agency)
10/19/2023
This new EvilProxy attack starts with a phishing email sent to targets. The email contains a link that abuses an open redirector from Indeed.
Once the target clicks the link, they’re redirected to a fake Microsoft login page, which is provided by the EvilProxy kit. The unsuspecting target provides their credentials and 2FA code to the phishing page. On the server side, the kit uses those credentials and 2FA in real time to provide the attacker with a valid session cookie, which can be used to access the victim’s resources on the Microsoft website.
10/11/2023
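For mail and security teams, the open-redirect step in the EvilProxy notice above can be screened for by looking for links whose query string carries a second URL pointing at a different site. The following is an added example, not part of the original notice or any CHA tooling; the hostnames and message body are constructed, and comparing the last two host labels is a simplifying assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

MAX_DECODE_ROUNDS = 3  # embedded targets are often percent-encoded more than once
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

# Constructed sample message body (placeholder hosts, not real indicators).
SAMPLE_EMAIL_BODY = """\
Your document is ready: https://jobs.example.com/r?target=https%253A%252F%252Flogin.portal-example.net%252Fsignin&src=mail
Benefits overview: https://hr.example.org/view?doc=42&return=https%3A%2F%2Fwww.example.org%2Fhome
Unsubscribe: https://news.example.com/u?id=7.
"""


def site_of(host):
    """Approximate the registrable domain as the last two labels.
    Assumption for this example; production code should use the Public Suffix List."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def fully_unquote(value):
    """Percent-decode repeatedly (bounded) until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def embedded_targets(url):
    """Yield (parameter, host) for each query value that is itself a URL."""
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_unquote(raw).strip()
        if value.startswith("//"):  # scheme-relative target
            value = "https:" + value
        if re.match(r"https?://", value, re.IGNORECASE):
            host = urlsplit(value).hostname
            if host:
                yield name, host


def find_cross_site_redirects(text):
    """Return links in `text` that forward the reader to a different site."""
    findings = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,);")  # drop trailing sentence punctuation
        link_host = urlsplit(url).hostname
        if not link_host:
            continue
        for name, target_host in embedded_targets(url):
            if site_of(target_host) != site_of(link_host):
                findings.append({"link_host": link_host, "param": name,
                                 "target_host": target_host})
    return findings


if __name__ == "__main__":
    for finding in find_cross_site_redirects(SAMPLE_EMAIL_BODY):
        print(finding)
```

Only the first sample link is reported: its visible host is jobs.example.com, but the double-encoded target parameter sends the reader to login.portal-example.net.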
October is CyberSecurity Month
October is CyberSecurity Awareness month and CHA's CyberSecurity Team wants to remind you that there are a few simple ways to keep you, your family, and CHA safe. First, always remember to keep your phones and PCs up to date with the latest updates. Second, make sure your passwords are changed and complex so they aren't easily guessed. Third, think before you click. Hovering over a link will show you where it leads; if the destination is unfamiliar, don't click on it. If you ever have any doubts or questions, feel free to contact us any time at cyber-security-team@challiance.org. Stay safe out there! Click here for more tips on Online Safety and Privacy Basics.
10/6/2023
Phishing emails containing malicious QR codes
The Health Information Sharing and Analysis Center (H-ISAC) yesterday alerted the health sector to an emerging threat that targets senior executives through phishing emails that contain malicious QR codes, also known as quishing. AHA recently received reports from the field that executive leadership at academic medical centers and other entities were receiving highly targeted and convincing quishing emails and worked with the field and H-ISAC to better understand the nature and scope of the threat.
“As use of QR codes to access websites and other resources increases, it is not surprising that cyber adversaries are evolving their techniques to include QR codes as the attack vector to compromise user credentials, evade multifactor authentication and deliver malware into organizations,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “If a scanned QR redirects to an unknown website, discontinue use immediately. Do not provide your username and password in response to a QR code unless specifically authorized by your organization.”
9/21/2023
It was recently learned that (1) some staff have signed up for an AI transcription service called “Otter”, which added a Google extension to their browser, and (2) others have been invited to add Otter when joining a Google Meet (or other conferencing tool).
Otter is an AI tool that transcribes a verbal meeting and generates both a transcript and, if asked, meeting minutes that can then be shared with third parties. Participants may not realize that Otter is recording the meeting conversation and preserving the discussion. Under Massachusetts law, conversations cannot be recorded without the permission of all participants; it is the practice at CHA to remind all participants of this prior to recording any meeting.
Otter is not approved by CHA for use in our environment. CHA IT has taken steps to block access from our environment.
While CHA’s version of Google Meet is HIPAA-compliant, adding a third-party plug-in such as Otter may violate this HIPAA-compliant status and lead to a breach of patient data. If you have Otter downloaded, you will need to immediately delete any/all downloaded recordings and delete the program. This step is necessary to ensure the protection of any information that may have been recorded when using Otter. If any information recorded contains PHI, please contact the CHA Privacy Office at CHAPrivacyOffice@CHA.org. If you require assistance with deleting the program extension, please contact the Helpdesk at 617-665-2468.
There is no evidence that Otter.ai has been integrating with the Mend telehealth platform; providers can feel comfortable providing telehealth services with Mend.
It is critical to the security of our system and safety of our patients that CHA users ensure that they do not accept invitations or sign up for tools and applications that have not been approved by CHA.
Using applications that are not approved is against our CHA policy, and may lead to severe ramifications for our patients and organization.
If you are interested in using an information technology tool, but are not sure if it has been approved, or if an approved tool you previously used no longer works, please contact the Helpdesk at 617-665-2468.
6/21/2023
To the CHA community:
CHA recently received an FBI Emerging Intelligence report that warns of fraudsters likely using confidential details of physician-patient relationships that have been enabling health care fraud. The FBI bases this assessment on multiple reports of faxed requests for physician authorizations by fraudulent service providers that appeared to have knowledge of confidential physician-patient relationships. These requests include but have not been limited to the following:
Physician authorization on services, medication, equipment, etc;
Chart notes;
Copies of various other contents of the medical records
If you receive a request for copies of the patients' EMR, the Health Information Management (HIM) Dept. should be contacted for assistance. With regard to physician authorization that you have not ordered or questioned, contact the Compliance Dept. for review before responding.
Thank you.
Ann D'Arcy-James
Sr. Director Health Information Management/Chief Privacy Officer
As of Monday January 9 access to "Infor," CHA's web-based Human Resources and Payroll System, when offsite, will require that "multi-factor authentication" be used for security purposes.
NOTE: with this change, Infor access onsite at CHA will no longer require you to log into the application.
When offsite and logging into Infor using your CHA network account, you follow the process you are already familiar with but will now be prompted to acknowledge your identity using the "Imprivata ID" app you previously set up on your cellphone.
Setup entails installing the Imprivata app on your cellphone, configuring it (just the once), and always having that cellphone with you as you log into Infor when offsite.
(This is the exact same process used by staff accessing their CHA Gmail when outside CHA; if you are already doing that, you are already configured for Infor access as noted here.)
If you have not enrolled in Imprivata previously for use of CHA Gmail, please complete one of the following options before January 9 if you intend to access Infor Offsite:
ON SITE (when at CHA) INSTRUCTION FOR INSTALLING IMPRIVATA ON YOUR CELL PHONE:
"Onsite Imprivata ID Enrollment"
OFF SITE INSTRUCTION FOR INSTALLING IMPRIVATA ON YOUR CELL PHONE:
"Offsite Imprivata ID Enrollment"
October is Cyber Security Awareness month and a good reminder that all of us need to be constantly on the lookout for hacking attempts. During the month of October we will share steps you can take to keep safe from cyber attacks.
You will also find our annual security training in your Healthstream assignments.
CHA has successfully gone live with MFA (Multi-Factor Authentication) for Google Workspace. This is an important step to prevent cyber security attacks.
In order for MFA to work, please be aware of the following scam hackers use to gain access to systems. If you receive an approval request on your Imprivata mobile app randomly, without initiating a login, DO NOT APPROVE IT, even if the notifications become distracting or bothersome. You are getting this notification because someone gained access to your username and password and is trying to trick you into approving the push notification to log into our system.
Deny access and work patiently through the scam. After the third Imprivata approval request the system will lock access for at least 5 minutes. Immediately call the Helpdesk at 617-665-2468 to reset your password. Remember: the hacker has gained access to your password for this scam to work.
October is Cyber Security Awareness month and a good reminder that all of us need to be constantly on the lookout for hacking attempts. The minor inconvenience of MFA is not as long-lasting as the effects of a breach.
Over the next month we will share steps you can take to keep safe from cyber attacks and starting October 3 you will find our annual security training in your Healthstream assignments.
CHA Google services when offsite now require that "multi-factor authentication" be used for security purposes.
(Note: this new requirement is in place, but staff may not experience the new login process until completely logging out of Google when offsite and logging back in.)
NOTE:
Onsite Google access at CHA is unchanged: you log into Gmail (Google Chrome) as you always have; this is also true for those staff using CHA VPN Remote Access to remote into a virtual desktop.
Those staff using the CHA managed Gmail app on their cellphone will also experience no change initially, but when their network password is changed (required every 180 days) they will need this same Imprivata app installed as part of the password update process.
When offsite and logging into Gmail using your CHA network account, you follow the process you are already familiar with but will now be prompted to acknowledge your identity on the "Imprivata ID" app you previously set up on your cellphone.
Setup entails installing the Imprivata app on your cellphone, configuring it (just the once), and always having that cellphone with you as you log into your CHA Google account when offsite.
UPDATED INSTRUCTION: https://sites.google.com/challiance.org/g-help/home
includes the login process for onsite and offsite CHA Google services access
includes the one-time procedure for installing "Imprivata ID" (for either onsite or offsite).
CHA Google services when offsite will require (as of September 29, 2022) that "multi-factor authentication" be used for security purposes.
NOTE:
Onsite Google access at CHA is unchanged: you log into Gmail (Google Chrome) as you always have; this is also true for those staff using CHA VPN Remote Access to remote into a virtual desktop.
Those staff using the CHA managed Gmail app on their cellphone will also experience no change.
When offsite and logging into Gmail using your CHA network account, you follow the process you are already familiar with but will now be prompted to acknowledge your identity on the "Imprivata ID" app you previously set up on your cellphone.
Setup entails installing the Imprivata app on your cellphone, configuring it (just the once), and always having that cellphone with you as you log into your CHA Google account when offsite.
UPDATED INSTRUCTION: https://sites.google.com/challiance.org/g-help/home
includes the login process for onsite and offsite CHA Google services access
includes the one-time procedure for installing "Imprivata ID" (for either onsite or offsite).
For security reasons CHA Google account access from outside the CHA environment will require multi-factor authentication beginning September 29.
Accessing Google account services from computers onsite at CHA will remain the same, but any other outside computer access will require staff to have installed on their cellphones the "Imprivata ID" app, pre-registered to their CHA account. This app will prompt staff to acknowledge their current usage of CHA Google services (in addition to their normal login, thus: "multi-factor authentication").
If you use your CHA Google account offsite and you do not have Imprivata already installed on your cellphone you can take the following steps now to be prepared for the September 29 change. This document: "Imprivata ID self Enrollment for On Site Users" can be used while staff are on site at CHA, logged into a CHA computer, to register their cellphone install. If you have questions please contact the Helpdesk.
The Massachusetts Department of Public Health has advised that there may be a malicious email circulating to healthcare facilities this evening. The Cybersecurity and Infrastructure Security Agency and FBI are investigating.
Please refrain from opening or clicking on any emails that originate from aspen_info@hcquis.org with the subject: Important COVID-19 Reporting Information from CMS.
Please report receipt of this type of message to CHA IT IMMEDIATELY at 617-665-2468 Option #6.
MDPH will follow-up as we learn more.
Please be extra vigilant for phishing emails containing links as there is an increased and imminent ransomware threat specifically targeting healthcare organizations in the U.S.
If something seems wrong, notify IT IMMEDIATELY at 617-665-2468 Option #6.
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have shared guidelines to protect against these potential attacks. CHA is following these guidelines and has implemented additional security measures.
Here are some simple things you can do to help CHA avoid a ransomware/malware attack:
Think Before You Click
The most common way ransomware enters corporate networks is through email. Often, scammers will include malicious links or attachments in emails that look harmless. To avoid this trap, please observe the following email best practices:
Do not click on links or attachments from senders that you do not recognize. Be especially wary of .zip, .pdf or other compressed or executable file types.
Please limit your use of personal email accounts while at CHA.
Watch for email senders that use suspicious or misleading domain names.
If you can’t tell if an email is legitimate or not, please DELETE THE EMAIL.
Be especially cautious when opening attachments or clicking links if you receive an email containing a warning banner indicating that it originated from an external source.
Thanks again for helping to keep our network, and our people, safe from these cyber threats. Please let us know if you have any questions.