Health care

Feds warn of malicious monkeypox email campaign targeting healthcare providers

Feds warn of malicious monkeypox email campaign targeting healthcare providers

Do not click on links or attachments unless you are sure they are legitimate.

Physicians and their staff should beware of a monkeypox-themed email campaign targeting healthcare providers.

On September 19, a sector warning was published by the Health Sector Cybersecurity Coordination Center (HC3), within the US Department of Health and Human Services. The campaign uses official-sounding language to convince recipients to click on a fake download that is in fact a program trying to steal email data.


The sector warning stated: “The campaign is titled: “Data from (abbreviation of victim organization): “Important reading about – Monkey Pox – (Victim’s organization) (reference number) and uses a theme “Important reading about Monkey Pox”.

“The email contains a PDF with a malicious link that lures the recipient to a Lark Docs site. “The site has an Adobe Doc cloud theme and offers a secure fax Monkey Pox PDF download.

“Clicking the download will attempt to collect Outlook, O365, or other email credentials.”

HC3 recommends the following actions to help protect organizations’ cybersecurity:

  • Protect every account with complex, unique passwords. Use a passphrase and/or a complex combination of letters, numbers, and symbols.
  • In general, avoid opening unsolicited emails from senders you don’t know.
  • Do not open a link or attachment in an email unless you are sure it comes from a legitimate source.
  • Do not download or install programs if you do not fully trust the publisher.
  • Do not visit unsafe websites or click on pop-up windows that promise free programs to perform useful tasks.


Leave a Comment