DOH Extends Home Care Cost Report Deadline Until Monday, November 2

DOH, during its cost report outreach session on October 28, announced that it is extending the deadline for submission of cost reports until 11:59 on Monday, November 2nd. 

HCP recently pressed DOH on a number of issues related to the cost report, including a much lengthier extension of the submission deadline. As this process carries on, HCP will continue to raise concerns on behalf of providers to point out the concerns of the industry. 

As HCP published recently in its newsletter, in its discussion with DOH It was explained that providers should ensure that they keep track of how they arrived at the data entered on the report. Providers should keep clear notes and back-up material to show their work backing up their understanding of what’s being asked. In an audit situation, this information will be helpful. Also, if during the audit process errors are found or questions arise, DOH and KPMG will work with providers to correct the information, rather than penalize providers. 

DOH Alerts Providers to Ransomware Attacks

Late last night and again this morning, the Department of Health (DOH/the Department) announced that it is aware of three ransomware attacks occurring over the last two weeks that have impacted a healthcare system, hospitals, a local health department and its county-operated adult care facility. 

Phishing email has been identified as the source of attack in at least one of these incidents and is suspect in the others. As health care is currently the most targeted sector for phishing attacks, DOH encourages providers to maintain awareness of increasing cyber security threats, including those that come in the form of phishing emails. 

While phishing emails can be difficult to identify, awareness and vigilance on the part of all staff in examining emails can greatly reduce the risk that your organization will fall prey to such an attack. 

Ongoing staff education is essential. The U.S. Department of Health and Human Services (HHS) has compiled excellent webinars, videos and posters that can assist you in building your staff’s awareness of this issue, available at: (https://www.phe.gov/Preparedness/planning/405d/Pages/default.aspx). 

The following common indicators of phishing and general recommendations may help your staff to evaluate email messages before choosing how to proceed. 

Common Indicators of phishing email may include the following: 

• Email received from an unexpected source. 
• Mismatched email sender name and email address. 
• Suspicious attachments. 
• Poor grammar or punctuation. 
• Links that don’t look right or that show differently once the mouse is used to hover over the link. 

General user recommendations: 

• Refrain from accessing personal email (e.g., Gmail, Yahoo) and/or social media. applications from healthcare system. 
• Be wary of unsolicited emails, even if the sender appears to be known. 
• Use caution with email links and attachments without authenticating with the sender. 
• Avoid clicking directly on website links in emails; type the address into your browser. 
• Keep browser and virus protection software in most current versions. 
• Educate yourself on how to protect yourself from phishing. 

Ensure your staff is aware of your policies and procedures for dealing with emails they believe are potentially harmful. The attached HHS poster is a quick way to provide important reminders. 

Additional information about these ransomeware hazards was released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and HHS. The advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with ransomware for financial gain and can be found here