By Grant McCracken, head of security operations, Bugcrowd.
For some time now, COVID-19 has dominated every aspect of civilian life. The global workforce, healthcare systems, and international news cycles have all been impacted by the pandemic, which wreaked havoc in every area of what was once normal life.
COVID-19 is top of mind for cyberattackers too. The combination of the financial downturn and universal chaos creates the perfect storm for criminals looking to make a quick buck. At the end of the day, attackers run their own businesses too, and we should always expect assailants to capitalize on chaos. Targeting healthcare systems, hospitals and workers on the front line is no exception, especially given the mass influx of patients at hospitals, longer work hours and general uncertainty.
Financial gain is the strongest motive for cybercriminals and healthcare is already a vulnerable target; healthcare assets are exceptionally attractive by default, with sensitive information, delicate infrastructure and the fact that these systems cannot experience downtime.
Just last month, the WHO reported a five-fold increase in cyberattacks on its employees. Around 450 WHO email addresses and passwords were leaked, as well as information of thousands of people currently working on COVID-19 responses. Since then, the agency has begun to relocate affected systems to a more secure arrangement, including the utilization of a safer authentication process. This is only the tip of the iceberg.
In late March, a group of attackers impersonated WHO staff in emails and targeted civilians in attempts to obtain donations to fraudulent COVID-19-based nonprofits. While the source of the attack was not confirmed, it is possible that an accomplished hacking group called DarkHotel was behind the attack, according to a Reuters report.
On top of that, attacks across industries have spiked exponentially. Google observed more than 18 million malware and phishing emails related to COVID-19 a day during the first week of April and Zscaler reported a whopping 30,000% increase in COVID-19 themed phishing incidents, malicious websites, and malware attacks since January 2020.
The same malware used in the WHO cyber attack targeted other healthcare organizations in the weeks prior. When dealing with such sensitive information, including potential vaccines and test results, protecting data and patient details is of the utmost importance. Supplementing security procedures with the skills, experience and creativity of white hat hackers could ultimately be the deciding factor in who pays the price for attacks like these.
Think of the white hat hacking community as a security Justice League; these good guy security researchers hunt for security holes and help companies address them before they can be exploited by the bad guys. Our healthcare workers are protecting patients; the last thing they should have to worry about is a cyberattack.
Vulnerability disclosure programs enable lionhearted white hat hackers to act as the world’s neighborhood watch for organizations and healthcare systems as a whole — defending first responders and healthcare systems so efforts can be focused on patient care and medical research instead. Hiring the global white hat hacking community can remediate organizations’ entire security posture and enable them to secure patient data rapidly through security testing, 24 hours a day, 7 days a week, 365 days a year.
Another tactic to defend the COVID-19 front lines is to continually patch every computer, IoT and medical IoT device. For the machines that are harder to patch because of downtime, it’s crucial to segment these devices away from sensitive data. This ensures that if devices are compromised, attackers won’t be able to move laterally through the network and create more chaos.
It’s also vital that we continue to teach all employees how to avoid phishing email scams and update this training consistently to keep up with newly emerging delivery methods. Employees and employers should avoid opening any emails, links, or attachments from untrustworthy places or people. It is crucial for healthcare providers to verify all dubious sources as soon as any suspicion arises.
Regardless of the type of attack, the best prevention model is to adopt and implement superior cybersecurity hygiene best practices. Like human hygiene, proper cybersecurity hygiene starts with education, prevention and consistent, healthy daily habits. Investing in one’s security practices and teams will be advantageous in the long run, as a strong security posture doesn’t form overnight.
COVID-19 has presented attackers with an unprecedented opportunity to exploit human fear. The healthcare industry’s best bet to defend digital assets is to practice good cyber hygiene, exercise some caution when opening emails, and ensure staff is properly educated on security policies. During these unpredictable times, healthcare must be practicing good hygiene on and offline, as there’s much more at stake than usual.