Contact Us Follow Us :       | Find Us |
CBIZ Tofias

The New England Not-For-Profit Accounting Advisor

Subscribe to Our Blog

Client Satisfaction Survey Results


Follow Us

Posted by Kyle Konopasek on Mon, Aug 3, 2020 @ 01:15 PM


Healthcare entities that are conducting research related to COVID-19 treatment should note that U.S. intelligence officials have detected possible interference from foreign actors. The Federal Bureau of Investigation (FBI) reported in early July that it detected threats from China related to U.S. COVID-19 treatment and intellectual property.

.In an interview with the Washington Post, FBI Director Christopher Wray indicated that Chinese cyber actors have attempted to steal intellectual property, public health records, and information about vaccines, treatments, and testing from U.S. medical facilities, biotech labs, and academic institutions to send to the Chinese government.

Intelligence personnel suspect that the cyber-attacks may continue against the healthcare and public healthcare system in the coming months. It is advised that if your organization is involved with healthcare, medical devices, pharmaceuticals, biotechnology, and/or scientific research and consulting, that you be particularly mindful of your information security protocol and control environment.

How Organizations Can Secure COVID-19 Data

The FBI recommends that healthcare and biotechnology companies take the following actions to reduce their risk of cyber-attack related to COVID-19 information:

  • Understand cyber actors’ tactics, techniques, and procedures, including historical attacks and targeted vulnerabilities
  • Keep network and data systems updated with the most recent security patches
  • Increase monitoring for indicators of system compromise
  • Review and practice an information security incident response plan

Next Steps

This notice from the FBI is another indicator that threats to information security are heightened in the COVID-19 environment. Securing the information technology environment may be further complicated by the fact that key information security personnel, and other employees, may be continuing to work remotely for the foreseeable future.

Proactive reviews of your IT control environment and security policies, accompanied by ongoing process and control improvements, may help reduce the risk of or mitigate the damage from information security breaches and network intrusion.

CBIZ is here to help. Our professionals are experienced with performing cybersecurity risk assessments, vulnerability assessments, and penetration testing, in addition to social engineering procedures and other techniques often utilized by cyber bad actors to access sensitive information and organizational data.

For More Information

To learn more about how you can proactively secure your information and business technology environment, please contact us.

Looking for more COVID-19 resources? Visit our resource center for expertise on impacts to expect and how your business can respond.


Kyle Konopasek is a Managing Director in the Kansas City office of CBIZ MHM, LLC who works closely with the  kyleBusiness and Technology Risk Services Group. He can be reached at or 816.945.5512.



Tiffany Garcia is a Director in the Austin office of CBIZ’s National Risk and Advisory Services Practice. She can be reached at or 512.340.7423.




Copyright © 2020 CBIZ & MHM (Mayer Hoffman McCann P.C.). All rights reserved. CBIZ and MHM are separate and independent legal entities that work together to serve clients. CBIZ  is a leading provider of tax and consulting services. MHM is an independent CPA firm providing audit and other attest services. This article is protected by U.S. and international copyright laws and treaties. Use of the material contained herein without the express written consent of the firms is prohibited by law. Material contained in this alert is informational and promotional in nature and not intended to be specific financial, tax or consulting advice. Readers are advised to seek professional consultation regarding circumstances affecting their business.

Tags: internal control, not-for-profit, NFP, cybersecurity, cyber risk assessment, cyber risks, cyber attacks, data attacks, data privacy, COVID-19, FBI

Popular Posts

Browse by Tag

see all