Battling the Bugs: Cybersecurity During a Pandemic

As the COVID-19 outbreak threatens to rapidly overload the health care system and global economy, threat actors seeking to profit during the chaos are increasing their activity. As such, disruptive and destructive cyberattacks could potentially delay or terminate critical services as the demand for COVID-19 testing and treatment continues to increase. This includes not only cybercriminals but also nation-state actors seeking disruption of COVID-19 response efforts.

In order to reduce this risk, the health care industry should take steps quickly to secure their networks and devices against cyber attacks. Consider the following recommendations to help secure the health IT environment and protect against imminent, critical security incidents. Remember, good cybersecurity practices are for all of us, not just the security professionals.

Secure the Network Then Prepare for a Security Breach

Hackers are taking advantage of the COVID-19 outbreak to deliver targeted malware attacks, steal confidential information, and gain access to information systems. For example, a recent global cyberattack targeted those looking for a map displaying COVID-19 statistics; the attack duplicated a legitimate online source and asked viewers to download a malicious application that allowed the hackers to access stored passwords.

Another attack vector uses phishing emails pretending to be from the World Health Organization or offering COVID-19 safety tips. After gaining access to the hospital’s network, an attacker could shut down critical medical devices or otherwise interrupt use of the hospital’s computer system and interrupt patient care. Often in an attempt to obtain a ransom payment, a tactic that has been increasingly used.

Health systems have already become a primary target for malicious attacks, and there are indicators that hospitals providing care to COVID-19 patients may become particular targets. Just this week, Brno University Hospital, one of the Czech Republic’s largest COVID-19 testing facilities, was hit by a severe cyberattack. While hospital officials have not revealed the nature of the security breach, the incident was considered severe enough to postpone urgent clinical interventions and re-route new acute patients to a nearby hospital.

To avoid a similar situation, begin with the basics. First, it is important to ensure your systems are patched and IDS/IPS signatures along with associated files are up‑to‑date. Attackers rely heavily on unpatched and out‑of‑date network configurations.

Implement robust IT procedures, including, providing regular Windows and application updates, deploy anti‑virus and spam filtering, utilize end-point detection and response software, and implement multi-factor authentication processes. Consider using this time as an opportunity to test your own cyber resilience plan. A well-tested plan can help you reduce downtime and limit financial and reputational impact. Educate your users on the implications of this threat. As surge facilities are established and surge or volunteer personnel are brought on board, maintain good practices related to credential and access management, and provide just-in-time HIPAA training.

The best protection against ransomware is to encrypt your data when in transit and at rest. Close any TCP ports that are not needed, and disable potential access points such as Remote Desktop Protocol. Be prepared for the worst and have (and test) pristine backups.

Beware of Fake COVID-19 News – Frequently Communicate with Employees

The vast majority of COVID-19 information shared across social media comes from fake news sites, according to Newsguard, a service that rates the credibility and transparency of web news content. Meanwhile, official sources like the Centers for Disease Control (“CDC”) and the World Health Organization (“WHO”) are receiving only a small fraction of the engagement concerning COVID-19.

NewsGuard recently launched a Coronavirus Misinformation Tracking Center that lists websites reporting misleading and false information about the spread of COVID-19. The list of websites with false and misleading content related to COVID-19 has grown from 31 sites upon launch to over 106 in the US and Europe. Perhaps the greatest concern with this is that content engagement, in the form of social media likes, shares, and comments, is many times higher than overall engagement on the official advisories and content released by the CDC and the WHO.

Importantly, according to Forrester’s PandemicEX survey, employees trust their employers as a source of information about COVID-19 more than they trust government and social media sites. A key takeaway for health care employers is the importance of frequent and open communication with employees regarding this rapidly evolving issue.

Practical Takeaways

Be on the lookout for phishing and spam emails from threat actors actively using the pandemic to attempt to compromise an individual’s accounts and organization’s networks. It is a great time for health care leadership to remind their teams of basic internet hygiene to go along with the increased focus on personal hygiene. Wash your hands and don’t click on suspicious links.
Monitor the hospital’s network for malicious activity and be prepared to report a significant increase in attempted access to information systems. As critical as having an adequate number of clinicians and clinical equipment may be, having access to these resources is just as crucial.
Prevent the spread of misinformation by regularly communicating with employees and providing updates on the impacts of COVID-19. Additionally, as a resource to our clients and contacts of the firm, Hall Render has created a resource center webpage focused solely on accurate, updated COVID-19 information.

Hall Render Advisory Services and Hall Render attorneys are monitoring updates as the COVID-19 pandemic continues. If you have any questions or would like more information on this topic, please contact: