Privacy and Security Notice: Fake faxing and holiday phishing emails

Fake Faxing Scams

WVU Medicine has experienced an uptick in fake faxes being sent to provider offices either requesting signature for durable medical equipment orders or durable medical equipment orders with fake signatures in place. Please be aware of these types of scams. The bad actor may have the correct patient’s name, physician’s name and a signature (fake signature).

Over the past 2 years, medical and personal records have been breached all over the world. We will continue to see bad actors use patient information and physician information in creative ways for “social engineering” of our staff and patients. This will continue; please make sure you “say something when you see something.” It will take all your combined discernment to keep our employees and patients safe.

• Do not take anything at face value, if it sounds or looks strange then your gut instinct is probably right.
• Always ask department managers if you have questions, it never hurts to get a second opinion.
• Don’t be afraid to question something: Is this normal practice for this physician or leader? Would they have ordered this for this patient? Would they ask me for money? Have we ever done business with this vendor?
• Calling the number of the company on the fax may put you into a “call center’ that bad actors have setup for this purpose. Look up this company online and call them on a verified number. Are they hostile or pushy? Feel free to ask them questions.
• Always remember that you can reach out to the WVU Medicine security or privacy teams for support:
  • IRT- irtt@wvumedicine.org
  • Privacy- wvumnopp@wvumedicine.org

Phishing Emails During the Holiday Seasons

Bad actors like to step up their activity during the times around the holidays in hopes that people will be looking for gift ideas or sending family money. Thanksgiving through New Year’s Day these types of emails ramp up as people are on holiday and out for PTO. They want to catch you in a good festive mood and not thinking about security.

If I am a bad actor, I want to catch you when your attention is not at work, but on social things. We encourage you to be diligent during this time. Ask yourself the following questions:

• Did I get an authentication/security push notification to log in for work, and I did not do this?
• Did I get a Microsoft Authenticator request for a code to login to work?
• Do I have two-factor authentication on all bank accounts and important applications outside of work?
• Am I monitoring my credit, home deed, identity?
• Have I verified that someone who is calling me or texting me is really that person?
• Have I setup call blocking or text spamming applications on my phone?
• Do I have virus protection on my home computer that is from a reputable company?
  • Free antivirus is not legitimate.

If you have questions or need assistance with any of these issues, please feel free to call WVU Medicine IRT On-Call for urgent issues at 304-598-4000 EXT. 71450; email general questions to irtt@wvumedicine.org.