Compromised JHED IDs
JHRP has had several physicians with compromised JHED IDs. Someone impersonating the physicians got through, via phone call or other means, and changed the provider’s password. The provider was not able to log back in to any system. Luckily, they had signed up for ‘Receive myIT Security Alerts’ through their JHM profile and were alerted that their password was changed to notify IT if they had not requested the change.
It was strongly advised that providers update their JHM profile and ensure that:
- The correct cellular carrier is checked
- “Receive myIT Security Alerts” is checked
- Personal e-mails are entered to serve as a back-up communication vehicle and a second form of i.d. verification
JHU Phone Number Impersonation
A Cardiology patient notified the GBMC office that they received a phone call from a JHU Cardiology phone number asking questions about their medications and recommending a testing kit for auto-immune issues. Luckily the patient recognized it as a scam and hung up.
Security informed us that scammers can use caller ID software to make it look like the call is coming from a legitimate phone number when it is actually offshore. They advised us to tell the patient to consider changing their passwords to key email addresses, MyChart and bank accounts. They should also consider contacting the 3 major credit agencies (Experian, Equifax, Transunion) to lock credit if they do not need to take out any loans.
Security will be notifying the Privacy Office to see if the patient was involved in a breach.
Requesting Remote Access to Computers
We were notified by security that a call was made to one of their employees. The phone # indicated it was from within JHH 410-955-XXXX but it was scammer posing as JH I.T. needing to remote into their computer to install a patch and correct a security concern. Luckily, the employee had not placed a service request and did not allow access.
Use of Public Charging Stations
USB cords directly connected to a device are a new way for perpetrators to access devices. It is recommended to use a power adapter and not the USB charging station when charging any device in public.