A public health emergency brings out the best in some people -- and the worst in cyber criminals. As the COVID-19 virus has spread, so have phishing emails and scams, and you are a target.

As a physician, criminals know that since the pandemic, you are busier than ever. They are hoping you won’t take the time to closely examine an email or question a telephone caller. But if you know what to look for, you can keep from falling victim to these scams, which are focused on getting money or sensitive information to steal your identity, or sell on the underground credential market.

Types of scams to watch out for:


Hackers know that more business than ever is taking place remotely, so they’ve adjusted their attacks. Unsecured home networks make it easy for criminals to access sensitive patient data, or to pretend they are a patient and seek access to your network.

COVID-19 tests, vaccines, PPE

The U.S. Department of Health and Human Services (HHS) Office of Inspector General has alerted physicians about fraud schemes related to the coronavirus. Criminals are using email, phone, text, and social media links to try and sell tests, vaccines, or Personal Protective Equipment. Clicking on a link or attachment for “more information” instead unloads malware onto your computer and could result in a ransomware attack.

Ransomware is a type of malware that encrypts a computer's data, rendering it useless. The ransomware sender offers the decryption key for a price. The choice is to pay the ransom in hopes you can recover your data, or completely start over by re-imaging the device and using data back-ups to restore it. Ransomware attacks have increasingly targeted health care facilities, because the criminals know how costly downtime is to patient care.

How to protect your practice and yourself

  • Remember that you will not be asked for money to enhance your ranking for vaccine eligibility, according to the HHS. Government and state officials will not call you to obtain personal information in order to receive the vaccine, and you will not be solicited door-to-door to receive the vaccine.
  • Don't click on links or attachments in emails from sources you don’t recognize. Instead, confirm any COVID-19 information from reliable sources like HCA Healthcare's Clinical Services Group, the Centers for Disease Control at cdc.org, and the World Health Organization at who.int.
  • Know the signs of a phish, which are fake emails, phone calls and texts designed to get you to click on a link or attachment. If you see any of these signs, be extra-cautious. Phish stands for
    • P: Personal Reference or Request
    • H: Hyperlink or Attachment
    • I: Inaccurate Information
    • S: Suspicious Sender
    • H: Hurry Up and Respond
  • Do not give your personal or financial information to anyone claiming to offer HHS grants related to COVID-19.
  • Be aware of scammers pretending to be COVID-19 contact tracers. Legitimate contact tracers will never ask for your financial information, or attempt to set up a COVID-19 test for you and collect payment information for the test.