Hospitals and Healthcare Organizations Found To Be Increasingly Vulnerable To Cyberattacks During COVID-19 Pandemic
April 7, 2020
By: John Mark Huff
On April 4, 2020, Interpol issued a Purple Notice regarding a heightened ransomware1 threat to hospitals.2 An Interpol Purple Notice seeks “to provide information on modus operandi, objects, devices and concealment methods used by criminals.”3 According to Interpol, hospitals and other “organizations at the forefront of the global response to the COVID-19 outbreak…have also become targets of ransomware attacks, which are designed to lock them out of their critical systems in an attempt to extort payments.”4 According to Interpol Secretary General Jürgen Stock, “[l]ocking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.” Interpol recommends the following steps for hospitals and other organizations “to protect their systems from a ransomware attack.”5
- Only open emails or download software/applications from trusted sources;
- Do not click on links or open attachments in emails which you were not expecting to receive, or come from an unknown sender;
- Secure email systems to protect from spam which could be infected;
- Backup all important files frequently, and store them independently from your system (e.g. in the cloud, on an external drive);
- Ensure you have the latest anti-virus software installed on all systems and mobile devices, and that it is constantly running; [and]
- Use strong, unique passwords for all systems, and update them regularly.6
Prior to Interpol’s alert, on April 1, 2020, Microsoft issued an alert that the healthcare industry was particularly vulnerable to ransomware attacks by cybercriminals.7 These cybercriminals are taking advantage of the COVID-19 crisis to attack hospitals that may be experiencing a large influx of patients.8 According to the Microsoft alert, these attacks are targeting Virtual Private Networks (“VPN”) and Virtual Private Servers (“VPS”) as the workforce for not only hospitals but also other organizations has become more of a remote workforce since the outbreak of COVID-19.9
To assist in thwarting this threat, Microsoft targeted several “hospitals with vulnerable gateway and VPN appliances in their infrastructure…[and] sent out a first-of-its-kind targeted notification with important information about vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from [the] exploits of these particular vulnerabilities and others.”10 Microsoft’s alert also provided an extensive list of suggestions on how to prevent these ransomware attacks including, but not limited to, applying “all available security updates for VPN and firewall configurations,” monitoring and paying “special attention to your remote access infrastructure,” turning “on attack surface reduction rules, including rules that block credential theft and ransomware activity,” and turning “on AMSI for Office VBA if you have Office 365.”11
It is unfortunate that hospitals and other healthcare organizations must be concerned with criminals and criminal organizations, who seek to profit from this global pandemic. However, it is the situation in which we find ourselves, and hospitals and healthcare organizations need to be vigilant to not only care for their patients, but they must also be vigilant in caring for the technological systems that allow them to provide care for their patients. As the Interpol Secretary General commented, not doing so “could directly lead to deaths.”12 Therefore, it is important for hospitals and healthcare organizations to remain vigilant in maintaining their technological systems as they also care for their patients.
1 “Ransomware is a form of malware that encrypts a victim’s files. The attacker then demands a ransom from the victim to restore access to the data upon payment.” https://www.csoonline.com/article/3236183/what-is-ransomware-how-it-works-and-how-to-remove-it.html.