Cyber criminals are at work on the healthcare industry.
Already under pressure due to the COVID-19 pandemic, hospitals and healthcare-related interests have faced an onslaught of cyber attacks in recent weeks. Ruthlessly seizing an opportunity when resources and focus are elsewhere, cyber criminals have been at work in a wide variety of ways.
Item: In mid-April, hospitals in the cities of Ostrava and Olomouc in the Czech Republic reported cyber attacks from a “serious and advanced adversary”, according to an official. These attacks came in the wake of March’s coordinated attacks against a hospital network in Brno, the second largest city in the Czech Republic. Those attacks forced the shutdown of IT infrastructure across three hospitals and healthcare facilities, postponing surgeries and closing emergency facilities to new patients.
Item: The Champaign-Urbana metropolitan area in Illinois (about 200km south of Chicago) found its public health website hacked and held for ransom. The mid-March attack prevented important updates during the early days of the spread of the pandemic in the area. The recovery of the district website took over a week. The ransomware used in the attack was identified as NetWalker, the same malware tool involved in an attempted coordinated assault on hospitals in Spain just over a week later.
Item: In late April, the controversial web forum 4chan published a list of over 2000 passwords purportedly associated with World Health Organization (WHO) employees. Reeling from financial concerns due to the pandemic and reduced funding from the United States, WHO has had to double the size of its cybersecurity personnel complement, and expand its use of outsourcing to bolster its cyber defenses. Authorities around the world have issued multiple warnings to the WHO regarding potential cyber attacks, including eight individual serious threat alerts in the first three weeks of April alone.
Item: Phishing emails related to the Centre for Disease Control (CDC), the WHO, and other reputable sources of COVID-19 information have skyrocketed. In late April, Google reported it saw over 240 million spam messages regarding the novel coronavirus per day, with some 18 million of those containing malware or phishing style attacks specifically related to COVID-19 scams.
Item: In late March, McAfee Labs reported a variety of disreputable mobile applications designed to prey on fears of the pandemic. Several Android apps relating to providing COVID-19 updates and the sale of safety masks and other personal protective equipment (PPE) were released. These apps actually carried ransomware that locked up user devices, or collected personal and financial information for unauthorized use. Healthcare professionals, facing shortages of PPE and understandably concerned about personal safety, were among the targets for these attacks.
Item: Domain registrars have noted a rise in website name registrations containing “corona” and “COVID”, and hundreds of fake news/health sites have been reported. According to cyber threat intelligence company RiskIQ, more than 10,000 coronavirus and/or COVID-19 themed domain names were registered per day in March, including some 35,000 domain names on March 16 alone – the beginning of March break for many in Canada and the United States. When launched, sites under many of these names can attempt to drop malware payloads on visitors, entice you to enter personal or financial data, or spread dangerous misinformation about the pandemic.
According to a 2019 cyber crime report from Malwarebytes, the healthcare sector was already top ten in the world – and climbing – as a target for cyber attackers even before the pandemic. Hospitals and medical facilities have a wealth of sensitive information, exceptionally high “uptime” demands… and often inadequate resources dedicated to cybersecurity and training. The situation surrounding the COVID-19 outbreak has exposed trouble areas and stretched resources even thinner than ever. The race to provide ventilators and other equipment to hospitals may mean that appropriate security measures to configure and secure Internet access on these devices have not been thoroughly tested and implemented. The fast-paced, high-stress environment currently faced by frontline healthcare workers can allow a well-crafted phishing attack to be more successful. And facilities facing successful malware or ransomware breaches may be more inclined to simply pay ransoms to restore operations rather than spend days trying to recover systems and potentially compromise patient care with delays.
Everyone – including healthcare professionals – should exercise extra cybersecurity caution during these stressful times. Some key tips:
Be sure to keep your computer and mobile devices up to date with security patches and the latest anti-virus software. Even if you are tricked by a phishing email, having a securely patched device may block or mitigate the severity of an attack.
Use multi-factor or biometric authentication wherever possible. Otherwise, be sure to use strong passwords for your apps, services, and websites. Be sure to use a unique password for each service, and change them periodically. Consider using a password manager to keep track.
Only open emails or download software/applications from trusted sources.
Never open attachments or click on links in emails from unknown parties or that were otherwise unexpected. Hover over links in any email you receive to confirm that a link is taking you to a
Never open emails or download software or mobile apps unless they are from a trusted, verified source.
Back up your data regularly, and keep it separate from your main system. In the event of a ransomware attack that locks or destroys your data, a tested backup could be invaluable in helping
Report any strange messages or system behaviour to your IT service or support provider. Early warning and reaction to a problem can be critical.
Get assistance if you need it – cybersecurity can be complex, and ISA is here to help.