Emerging guidance from state and federal agencies indicate that cybercriminals are now aggressively targeting the health care community with COVID-19 vaccine-related attacks.
Threats include phishing, fraud, scams, ransomware and denial of service campaigns as well as attempts to disrupt vaccine supply chains and/or drug diversion.
The campaigns will likely be perpetrated through malware attacks and cleverly crafted COVID-19 vaccine-themed emails and/or texts.
Finally, media coverage and press releases related to our institution’s role in vaccine administration will likely result in our students, faculty and staff being more heavily targeted
Here are some of the most common indicators that the phone call, text or email is likely a scam or attempted cyberattack:
- Any message that communicates a tremendous sense of urgency and attempts to rush you into purchasing/reserving a COVID-19 vaccine for yourself and your family.
- Cybercriminals are targeting your credentials; consider all requests for your password and other private information as suspicious.
- Any message pressuring you into bypassing or ignoring our security policies and procedures. Commonly, phishing messages will urge you to click on a link or reply within a short time frame before locking or terminating your account and deleting your data.
- Be very suspicious of unexpected phone calls, emails and text messages that pretend to be from a university official or member of a government organization urging you to take immediate action. Attackers can be very bold and may attempt to call or send increasingly threatening messages.
- Individuals prioritized for vaccination will receive an email from Dr. William Henrich with a link to schedule your appointment. Once your vaccination is scheduled, an email from UTMSA_DoNotReply.edu will be sent with confirmation and/or a link for instant activation in EPIC MyChart. This will be your indication that these communications are valid.
Please contact Information Security at infosec@uthscsa.edu and 210-567-0707 with any questions about how to further protect yourself from cybercriminals and immediately report suspicious activity or messages.