Cyber-attacks on healthcare indicate criminals never let go of opportunity

By Amit Roy Choudhury

GovInsider's tech columnist discusses.

The global novel coronavirus (Covid-19) pandemic that has afflicted the world since the start of the year has resulted in a lot of changes in the way we live, work and play, and this will have long-term ramifications even after the pandemic is tamed.

The social distancing norms and lockdowns across the world, triggered by Covid-19, have sped up the digitalisation of both our personal and professional lives by, according to some estimates, five years. Remote working, education, tele-medicine and online shopping have become mainstream. The downside to this digitalisation has been the increased threat of cyberattacks.

As more people and organisations move online, criminals and malicious actors, often state-backed, have stepped up attacks sensing an opportunity – to use a bit of hyperbole, like a pack of sharks they have smelled blood. It is unfortunate that while the whole world has gone into what can be termed a collective pause in economic activity, cybercriminals have stepped up their game.

The global healthcare system has borne the brunt of increased cyberattacks. This has resulted in a double whammy for the sector. The medical emergency has been testing the limits of the healthcare system around the world and what it did not need was the added headache of cyberattacks. With the global focus on healthcare, including frantic efforts to find a vaccine or a reliable treatment regime for Covid-19, malicious actors have launched a targeted campaign of phishing, ransomware and distributed denial of service (DDoS) attacks on already stretched healthcare organisations.

Hundreds of attempts have been made over the past 10 months to compromise healthcare systems around the world and many did not even make it to the news flow. Among the major ones that have grabbed the headlines is the attack on the Czech Republic’s Brno University Hospital in March. The organisation runs one of the largest Covid-19 testing facilities in the country and it was hit by a ransomware attack that caused an immediate computer shutdown, paralysing the functioning of the institute. Around the same time, there was an unsuccessful cyberattack attempt on the Paris hospital authority AP-HP (Assistance Publique - Hôpitaux de Paris) and a massive email campaign targeting healthcare workers in Spain.

The US Department of Health and Human Services (HHS), the top US health agency charged with responding to Covid-19, also suffered what, in later analysis, proved to be an attempted distributed denial of service (DDoS) attack that sought to overload the agency’s servers.

Izumi Nakamitsu, United Nations Under-Secretary-General of Disarmament Affairs, has noted that the World Health Organisation (WHO) has experienced more than five times the number of cyberattacks it did in the corresponding period last year. “This has compounded people’s already widespread sense of insecurity,” she added.
 

Attacks not new


Cyberattacks against the healthcare industry are nothing new: health records are highly prized by cybercriminals because they include some of the most comprehensive profiles of individuals. These are extremely lucrative for hackers looking for opportunities for identity theft or for credit card details. Compounding matters is that the healthcare sector in some parts of the world has often been seen as a bit of a laggard in terms of using the latest state-of-the-art cybersecurity.

Cybercriminals have also been exploiting the sense of urgency in ensuring online medical systems are up and running due to Covid-19. As a result, in the case of ransomware attacks that compromise online healthcare systems, organisations are more inclined to pay up than keep their systems down for a prolonged period of time.

It is not just hospitals and first responders to Covid-19 that have been targeted by hackers. According to the UK’s National Cyber Security Centre (NCSC), several organisations involved in Covid-19 vaccine development in the UK, US, and Canada have been targeted in a cyberattack by a hacking group known as APT29. APT stands for advanced persistent threat and typically such groups are stealthy threat actors, often backed by a nation state or state-sponsored group. They normally try to gain unauthorised access to a computer network and often remain undetected for an extended period of time.

The NCSC believes the attacks were carried out “with the intention of stealing information and intellectual property (IP) relating to the development and testing of Covid-19 vaccines”. While the NCSC has not released the names of the organisations targeted by APT29, it is believed one of the potential targets was the University of Oxford, which along with AstraZeneca is leading an effort to develop a potential Covid-19 vaccine.
 

Complications in security


Data security is complicated by the fact that governments, biotechnology companies, researchers and pharmaceutical manufacturers have been working remotely, many on private home networks, due to lockdowns and social distancing norms. Most security networks are only as strong as their most vulnerable point and all it takes is for one compromised system to grant access to a determined and skilled malicious hacker group. Scientific research, like the development of a Covid-19 vaccine, requires collaboration and open sharing of information among researchers. Doing this over dispersed networks makes it harder to protect the network from threat actors.

There have not just been attempts to steal confidential data on work being done to develop a Covid-19 vaccine. Malware campaigns have also been launched to exploit the interest in the progress of vaccine development with phishing attacks. According to Check Point Software, cybercriminals have used the race to develop a vaccine to start malware campaigns by sending executable files in emails with headers related to “Covid-19 vaccines”. These files, if downloaded by recipients interested in knowing more about the vaccine, install what is known as an InfoStealer that is capable of gathering information, such as login information, usernames and passwords, from the infected computer. In Singapore and Southeast Asia, like other parts of the world, there has been a spike in phishing and ransomware attacks, and these have also used the Covid-19 hook.

It’s not just the healthcare sector that has been affected. The rapid and large-scale adoption of digital technology that the global pandemic has brought about has transformed the way we do business and has triggered an increased dependency on Information and Communications Technology (ICT). This has expanded the attack surface that could be exploited by malicious actors. Reports by the UN have indicated that spear-phishing attacks rose 667 per cent during the initial peak of the global pandemic.
 

What can be done?


While governments need to work on their own and with other governments to control the menace of cyberattacks in these trying times by building bilateral and multilateral cooperation and consensus, all stakeholders need to do their part as well.

At the end of the day, cybersecurity is a shared responsibility and for an individual user, whether on professional networks or on private ones, good cyber hygiene can go a long way in diminishing the threat. Having strong and frequently changed passwords, not opening suspicious-looking emails with attachments and ensuring that no dodgy websites are visited, coupled with the use of strong anti-virus software, can help significantly to decrease the threat.

Personal hygiene, like the use of face masks, hand sanitisers and frequent washing of hands, can help to a large extent in keeping Covid-19 at bay. Similarly, good personal cyber hygiene can ensure a safer online experience. While the pandemic shall soon pass, the digitalisation that it has ushered in is here to stay and online habits must change to cope and thrive in a digital-first world. This is as good a time as any to start adopting safer online habits.

Amit Roy Choudhury, a media consultant and senior journalist, writes about technology for GovInsider.