Cyber Thieves Thrive During Natural Disasters

What better time to exploit the kindness of well-meaning people who want to help victims than during natural disasters? Cybercriminals are waiting in the wings to take your money or steal sensitive information. After events like the California wildfires or hurricanes in the Carolinas, generous people who want to give are at risk. Let’s look this week at common ways criminals take advantage of us during vulnerable times.

Increase in Malicious Domain Names

During and after natural disasters, criminals take advantage of people eager to help victims. They create and register domain names that will encourage you to donate. A security company recently found that following Hurricane Florence, there were 137 new domain names involving words like “charity,” “compensation,” and “relief.” Most of these are related to a “charity.” Each appears legitimate, complete with “Donate” buttons, tricking victims into giving money and providing private, sensitive information. How do cyber thieves attract duped users to their website? Some may be found through a search engine, but many times email lists are used to send phishing emails.

Rise in Phishing Emails

Following Hurricane Florence, the National Cybersecurity and Communications Integration Center (NCCIC) issued a warning to be on the lookout for suspicious emails. These fraudulent emails may contain links or attachments that lead to malicious websites. The NCCIC recommends paying attention to the subject line, attachments, and links of all hurricane-related emails, and to the URL of any website asking for sensitive information or money. Additionally, scams have been spotted on social media outlets and through unsolicited texts.

Firstly, be wary of any websites that include the actual name of a natural disaster. For instance, www.hurricaneflorencedonation.com.

Pay attention to the subject line of emails. If they are related to a recent natural disaster like a hurricane, your guard should be up.

Do not open emails containing attachments or hyperlinks related to recent natural disasters. Even if it appears to have originated from a trusted source, it is likely a scam. Verify the legitimacy of any email solicitation by contacting the organization directly through a trusted contact number.

Stick with donating to well-known charities to avoid being duped. Check the BBB National Charity Report Index to ensure the charity is legitimate, or donate through the American Red Cross at www.redcross.org/Hurricane/Florence.

Review our blog on different types of phishing scams and how to spot phishing emails.

Lastly, keep anti-virus software up to date, and make sure you have enacted the anti-phishing software furnished by your email provider.
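The URL checks in the tips above can be automated when triaging mail. This is an added example, not code from the original post: the watch lists, the allowlist and the `.example` host are assumptions, and a match is a prompt to verify the organization directly, not proof of fraud.

```python
import re
from urllib.parse import urlsplit

# "charity", "compensation", "relief" are the words the article reports in
# post-Florence registrations; "donat" (donate/donation) is an added assumption.
LURE_WORDS = ("charity", "compensation", "relief", "donat")
# Assumed watch list of event names; update it for each incident.
EVENT_WORDS = ("hurricane", "florence", "wildfire")
# Assumed allowlist: organizations already verified out of band.
TRUSTED = {"redcross.org"}
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>)]+", re.IGNORECASE)

def extract_hosts(text):
    """Return the lower-cased hostname of every URL found in text, in order."""
    hosts = []
    for match in URL_RE.finditer(text):
        url = match.group(0).rstrip(".,;:!?")
        if not url.lower().startswith(("http://", "https://")):
            url = "http://" + url  # bare www. link: give urlsplit a scheme
        host = (urlsplit(url).hostname or "").rstrip(".")
        if host and host not in hosts:
            hosts.append(host)
    return hosts

def is_trusted(host):
    """True only for an allowlisted domain or one of its subdomains."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED)

def assess(host):
    """Return the reasons a hostname looks like a disaster-donation lure."""
    if is_trusted(host):
        return []
    flat = re.sub(r"[-.]", "", host)  # so "florence-relief" still matches
    reasons = []
    if any(w in flat for w in EVENT_WORDS):
        reasons.append("event-name")
    if any(w in flat for w in LURE_WORDS):
        reasons.append("lure-word")
    # A trusted brand used as a label inside someone else's domain.
    if any(d.split(".")[0] in host for d in TRUSTED):
        reasons.append("trusted-name-in-untrusted-host")
    return reasons

def triage(text):
    """Map each suspicious hostname in an email body to its reasons."""
    return {h: r for h in extract_hosts(text) if (r := assess(h))}

# Constructed sample email body (only the first two URLs come from the article).
SAMPLE = """Help Florence victims today: www.hurricaneflorencedonation.com.
Official page: https://www.redcross.org/Hurricane/Florence
Fast payout: http://redcross.org.florence-relief.example/donate
Unsubscribe: https://example.org/newsletter"""
```

Calling `triage(SAMPLE)` flags the disaster-named domain and the host that only embeds `redcross.org` as a label, while the genuine Red Cross link and the unrelated link pass.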

Plan for Natural Disasters

If you own a business, hopefully, you have created a Disaster Recovery Plan. The plan describes how an organization plans to handle potential natural disasters. Chiefly, it enables you to quickly get your business functioning again. HIPAA requires your organization to have a fully developed and tested Disaster Recovery Plan.

Review these nine steps to create a Disaster Recovery Plan:

  1. Designate your primary crisis managers
  2. List employees and their emergency contact information
  3. Identify major clients’ contact information
  4. Keep a record of vital financial relationships
  5. Create an inventory of all electronic devices
  6. Design an evacuation plan based on disaster type
  7. Determine who is in charge of restoring the network
  8. Create a potential purchase list
  9. Estimate disaster recovery times

For more information on creating your Disaster Recovery Plan, see our previously posted blog.

To summarize, natural disasters are imminent, and so are criminals who are poised and ready to exploit people who want to help. Don’t rush to donate to any entity online without validating them first, and ensure you have a Disaster Recovery Plan in place.

  1. https://securitytrails.com/blog/malicious-domains-registered-in-wake-of-hurricane-florence
  2. https://www.scmagazine.com/home/news/cyber-scammers-using-hurricane-florence-as-a-hook-for-malicious-emails/
