Subscriber Alert: Cyber Security and Fraud

cyber stock image

This Subscriber Alert is intended for healthcare organizations and professionals to raise awareness of cyber threats that may impact information security, patient confidentiality, and privacy. Please circulate this alert to those who are overseeing these functions.

Healthcare organizations have, unfortunately, become a popular target for scammers and fraudsters during the COVID-19 pandemic. A number of international law enforcement agencies (including the FBI and CSIS), financial institutions, and cybersecurity centres have recently issued warnings related to an increased risk and incidence of social engineering scams directed at the healthcare sector. 

An increased frequency of cyber loss claims have been reported to HIROC over the past several weeks, particularly with respect to social engineering claims targeting our Subscribers. 

Here are a few examples of social engineering scams:

  • Criminals impersonating employees or vendors requesting changes to deposit bank accounts
  • Fake COVID-19-themed emails coercing staff to click on malicious links that then download malware or ransomware 
  • Emails requesting users to log into their banking website to update information. These emails contain links to malicious websites that have been set up to look like legitimate sites (e.g. financial institutions such as banks and credit unions, and vendor websites)

With this increase in risk, it is important that healthcare organizations take time to educate their frontline staff (including but not limited to finance, human resources, payroll, and accounting staff) to develop good security habits and remain vigilant and suspicious of all emails.

Cybercriminals have become very sophisticated and are using “spoofing” functionalities that make fraudulent emails look virtually identical to legitimate emails sent from internal systems. 

HIROC is urging Subscribers to reinforce safety protocols and educate staff to: 

  • Scrutinize emails for unusual behaviour, language, and circumstances 
  • Verify the validity of email requests before taking any actions, including, but not necessarily limited to the following:
    • Changing banking details
    • Processing urgent payments or online banking
    • Logging into websites
    • Clicking links
    • Opening unverified attachments

We recommend organizations adopt robust verification processes and practices, such as secondary sign-off on payment detail changes, and phone verification using known contact numbers. 

Citrix vulnerability update

In February 2020, HIROC issued an alert related to the Citrix vulnerabilities being exploited by cybercriminals to upload malware to vulnerable Citrix servers. Security patches have since been issued to address these vulnerabilities.

HIROC wants healthcare organizations to be aware that the Citrix vulnerability patches were not meant to remove any malware that may have been saved in your environment between the time when the vulnerabilities were introduced and the time they were closed through security patches. HIROC has observed that malware infestations can remain dormant for a significant period of time before becoming active and sending information to cybercriminals or giving backdoor access to the affected systems.

We encourage healthcare organizations to regularly scan their servers, networks and systems for anomalies and potential malware infestations. Some malwares are sophisticated enough to delete logs so that their existence or activities are not detectable. 

HIROC encourages healthcare organizations to reach out to us as soon as you suspect that you may have suffered a cyberattack. It is imperative that cyber incidents are reported to us as soon as practicable, so that we can initiate our investigation right away, and retain the relevant experts to contain the loss. If you suspect that you may have been the victim of such an attack, please contact HIROC’s Claims Department at or by contacting Gareth Lewis, Director, Claims at