Patient Privacy News

Privacy Groups Urge Pence to Combat COVID-19 Fraud, Patient Harms

Thirty advocacy and research groups are urging Vice President Mike Pence and the White House Coronavirus Task Force to combat COVID-19 fraud attempts and other patient harms.

healthcare Coronavirus COVID-19 pandemic fraud schemes patient harms privacy concerns

By Jessica Davis

- A group of more than 30 national advocacy, industry, and research groups are calling on Vice President Mike Pence and the White House Coronavirus Task Force, the Department of Justice, and the Food and Drug Administration to proactively take measures to combat COVID-19 fraud attempts and other patient harms.

As warned by multiple Federal agencies and security researchers, hackers have continued to target the healthcare sector during the pandemic, with other threat actors using the Coronavirus as phishing lures and for attempted fraud.

Led by the National Consumers League and the Alliance for Safe Online Pharmacies, the 30 advocacy groups are urging the government to develop and distribute clear, decisive science-based methods to protect US individuals from online schemes.

The letter, addressed to Pence, outlines the current challenges and even outlines no-cost policy solutions that could shore up some of these fraud and privacy concerns, as thousands of COVID-19-related health and financial scams have launched since the pandemic was made a national emergency.

“Since day one of the Coronavirus crisis, bad actors have been exploiting public fear and confusion to launch thousands of COVID-themed global scams and phishing attacks,” the groups wrote. “Peddling pseudoscience and false hopes, bad actors online and offline are using the coronavirus crisis to profit at patients’ expense.”

READ MORE: Hackers, APTs Exploiting COVID-19 with Phishing Attacks, Fraud Schemes

“The risk here, however, is that illegal actors are not confined to a single domain name or search term,” they continued. “Rather, illegal activity is occurring across various online marketplaces and social media platforms.”

However, these attempts were “largely preventable,” and the groups noted there are already no-cost solutions available designed to protect individuals. As a result, Congress, the Trump Administration, and state governments must take action to enact and enforce these policies.

The FDA, DOJ, and the Federal Trade Commission have all taken quick responses to reports of the increase in COVID-19-related fraud attempts and cyberattacks, such as industry alerts and public reports to raise awareness about potential fraud.

The groups provide several recommendations to bolster privacy and security across all sectors, including the need to address systemic, structural internet policy problems currently enabling these COVID-19 online scams.

To start, there's a lack of domain name registrar accountability. The groups explained that the US Attorney for the Western District of Texas found “domain name registrars have the unique ability to ‘quickly and effectively shut down websites designed to facilitate these scams.’”

READ MORE: Another COVID-19 Research Firm Targeted by Ransomware Attack

“We agree, but voluntary enforcement is not enough,” according to the letter. “Despite the clarion calls of FDA and Drug Enforcement Administration, voluntary action has not stopped illegal online drug crime. We urge government leaders to require – not ask – for registrars to do more against online scams.”

To resolve this issue, the groups stressed there are currently two policy solutions that would immediately impact fraud at scale. In February, Rep. Bob Latta, R-Ohio, called for Congress to require registrars to validate domain name registration information and make registration data accessible.

A host of Federal agencies, cybersecurity leaders, public health leaders, and Europol all agree that access to domain registration information is critical for tracking down cybercriminals.

The second policy recommendation is to ban companies from profiting from domains used for public health scams.

“While leaders at DOJ, FTC, FDA and in governments take action to monitor and stop COVID-19 scams, Congress could strengthen these efforts by requiring U.S.-based domain name registrars to immediately lock and suspend any domain name used to facilitate coronavirus and other public health scams,” the groups argued.

READ MORE: COVID-19 Business Email Compromise Schemes, Ransomware Escalating

“Especially during a global pandemic, there is simply no reason that domain name registrars should be able to profit from the sale of domains used for COVID-19-related frauds and phishing attacks,” they added.

The concern is that as the economy continues to decline, there will be a wave of scams targeting the pandemic. Consumers have already reported a dramatic uptick in reported Coronavirus-related scams. It’s predicted that as the pandemic and economy worsens, these fraud attempts will only increase.

To get ahead of the onslaught, the White House Coronavirus Task Force should launch a nationwide public service campaign to educate individuals on the most common scams targeting those with economic vulnerabilities, through the FBI and IRS. Further, DOJ should prioritize investigations and prosecution of the criminals behind these attempts.

The groups also recommend a focus on cracking down on phishing campaigns targeting economic fears amid the pandemic, which would include an FTC and DOJ focus on enforcement efforts to bring perpetrators to justice.