The health care industry and independent organizations searching for vaccines and/or better treatment protocols are at the forefront of combating COVID-19. There are obvious risks in treating COVID-19 patients and performing research on infectious diseases, with exposure to the virus chief among them.
Another risk to the health care sector and researchers, one that the COVID-19 crisis has intensified, is the threat of cyber-attack.
Malicious cyber threat actors are targeting health care and other essential services related to COVID-19. Health care providers, pharmaceutical companies, academia, medical research organizations and local governments face intensified risks. These Advanced Persistent Threat (APT) actors scan external websites and probe for vulnerabilities in unpatched software.
60% of health care sector data breaches involve phishing or other email-based attacks. The picture is worse for hospitals, where phishing plays a role in 69% of all breaches.
COVID-19-themed phishing campaigns peaked in March 2020. Phishing attacks targeting the health care sector mainly aim to plant a backdoor in the systems and trigger it remotely to exfiltrate critical data such as patient medical histories and internal employee data.
As per Health IT Security, just one in five organizations (21%) provide employees with monthly security training, and another 55% fail to provide their employees with any regular email security training. In just the first 100 days of 2020, impersonation fraud attempts increased by nearly one-third, which researchers believe is tied to attackers targeting the spike in remote workers amid the COVID-19 crisis.
As attackers continue to pummel the health care sector with COVID-19 related phishing attacks, entities have failed to keep pace with the threats. 75% of hospitals fail to employ email scanning and filtering tools. Across all health care entities, 86% do not use such tools, although their use reduces the likelihood of a successful ransomware attack by 33%.
Recently, the Federal Bureau of Investigation (FBI) and CISA issued a precise warning to COVID-19-related research entities that malicious cyber threat actors associated with the People’s Republic of China (PRC) have been observed targeting organizations with the intention to identify and illegally obtain valuable intellectual property (IP) and public health data related to vaccines, treatments, and testing from networks and personnel affiliated with COVID-19-related research in the United States.
The United States Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) are jointly investigating password spraying by APT actors against health care organizations.
Password spraying involves trying commonly used passwords against many accounts until a single user’s account is breached. Once a single compromise occurs, the malicious actors will obtain access to other systems where the same password is used. In addition, once in, the bad actors can attempt to move laterally through the system and attack additional users.
In light of the recent APT attacks, CISA and NCSC have laid out guidelines with several preventive measures to mitigate the likelihood of a password spraying attack:
- Review password policies to ensure they align with the latest NIST guidelines and dissuade the use of easy-to-guess passwords
- Review IT help desk password management related to initial passwords, password resets for user lockouts and shared accounts. Require the use and protection of strong passwords
- Use multi-factor authentication to reduce the impact of password compromises
- Protect the management interfaces of your critical operational systems
- Update VPNs, network infrastructure devices, and devices being used to remote into work environments with the latest software patches and configurations
- Establish a security monitoring capability that keeps track of all activity needed to investigate a cyber incident
- Review and refresh your incident management processes
- Use modern systems and software
- Invest in preventing malware-based attacks
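The password spraying pattern described above (a few common passwords tried against many accounts, then a single success) is what the security monitoring capability in the guidelines needs to catch. The following detector is an added example written for this article, not code from CISA, NCSC or Progist. It assumes a constructed, simplified authentication log format (`timestamp result user source_ip`); real logs from an identity provider or VPN would need their own parser, but the logic is the same: group failed logins by source, count distinct accounts in a time window, and flag sources that touch many accounts with only a few attempts each (the spray signature, as opposed to a brute force that hammers one account). It also reports whether the flagged source later authenticated successfully, which is the "single compromise" case the text warns about.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not from any real system). Format assumed:
# "<ISO timestamp> <OK|FAIL> <username> <source_ip>". The first source
# tries six accounts once each and then logs in as one of them (spray);
# the second source hammers a single account (brute force, not a spray).
SAMPLE_LOG = """\
2020-04-01T08:00:01 FAIL alice 203.0.113.7
2020-04-01T08:00:03 FAIL bob 203.0.113.7
2020-04-01T08:00:05 FAIL carol 203.0.113.7
2020-04-01T08:00:07 FAIL dave 203.0.113.7
2020-04-01T08:00:09 FAIL erin 203.0.113.7
2020-04-01T08:00:11 FAIL frank 203.0.113.7
2020-04-01T08:00:13 OK grace 203.0.113.7
2020-04-01T08:05:00 FAIL alice 198.51.100.4
2020-04-01T08:05:10 FAIL alice 198.51.100.4
2020-04-01T08:05:20 FAIL alice 198.51.100.4
2020-04-01T08:05:30 FAIL alice 198.51.100.4
2020-04-01T08:05:40 FAIL alice 198.51.100.4
2020-04-01T08:05:50 FAIL alice 198.51.100.4
2020-04-01T09:30:00 OK bob 192.0.2.10
"""

LINE_RE = re.compile(r"^(\S+) (OK|FAIL) (\S+) (\S+)$")


def parse_log(text):
    """Parse log lines into (timestamp, result, user, source_ip) tuples."""
    events = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # skip blank or malformed lines
        ts, result, user, ip = match.groups()
        events.append((datetime.fromisoformat(ts), result, user, ip))
    return events


def detect_spray(events, window=timedelta(minutes=10),
                 min_accounts=5, max_per_account=2):
    """Return one alert per source IP whose failed logins, within any
    sliding window, touch at least `min_accounts` distinct accounts with
    no more than `max_per_account` attempts each (the spray signature)."""
    failures = defaultdict(list)
    successes = defaultdict(list)
    for ts, result, user, ip in events:
        (failures if result == "FAIL" else successes)[ip].append((ts, user))

    alerts = []
    for ip, fails in failures.items():
        fails.sort()
        best = None
        start = 0
        for end in range(len(fails)):
            # Slide the window start forward until it fits the time bound.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            per_user = Counter(user for _, user in fails[start:end + 1])
            is_spray = (len(per_user) >= min_accounts
                        and max(per_user.values()) <= max_per_account)
            if is_spray and (best is None
                             or len(per_user) > best["accounts_tried"]):
                window_start = fails[start][0]
                # Any success from this source after the spray began is the
                # "single compromise" that warrants immediate follow-up.
                later = sorted(u for ts, u in successes.get(ip, [])
                               if ts >= window_start)
                best = {
                    "source_ip": ip,
                    "accounts_tried": len(per_user),
                    "window_start": window_start,
                    "window_end": fails[end][0],
                    "later_success_for": later,
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_spray(parse_log(SAMPLE_LOG)):
        print(alert)
```

The brute-force source (`198.51.100.4`) is deliberately not flagged by this rule: it trips a per-account lockout or a conventional failed-login threshold instead, which is why both controls are needed. In production the thresholds should be tuned to the identity provider's lockout policy, since sprayers keep attempts per account just below it.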
In addition to the guidelines laid out by CISA and NCSC, it is also vital to attend to your organization’s first line of defense: your employees. 95% of all successful cyber-attacks are caused by human error. No amount of security systems and configurations will be adequate while your employees remain unaware of the cyber threat landscape affecting your organization.
A general question arises:
How do we effectively train our non-technical employees about cyber risks?
We at Progist help you find the answer with the ProPhish Employee Awareness Program (PEAP).
PEAP is a completely customizable program that includes numerous activities to train your most important first line of defense. It offers a wide range of topical cyber security trainings and awareness modules for organizations to train their employees in a modern and effective fashion. To learn more about PEAP, reach out to us at firstname.lastname@example.org