Covid-19 dynamics are creating more opportunity for malicious actors to target healthcare organisations

On 12 and 13 March Brno University Hospital in the Czech Republic was compromised by a major cyber attack. The hospital, one of the largest COVID-19 testing facilities in the country, was forced to relocate new patients to other hospitals as its systems were shut down.

“We think the Covid-19 dynamics are creating more opportunity for malicious actors to target telemedicine and healthcare organisations as a whole,” says Bindu Sundaresan, director, AT&T Cybersecurity. “Cybersecurity threats to these organisations are real, especially in the wake of a global pandemic.”

“Healthcare organisations are scrambling to expand their remote system access and management while adequately protecting sensitive information from malicious actors. It is expected that we will see more highly publicised ransomware attacks on hospitals, for example, with patients being diverted to other hospitals and an inability to access patient records to continue care delivery. From small, independent practitioners to large, university hospital environments, cyber-attacks on health care records, IT systems, and medical devices have previously infected many systems.”

“Patients need to understand that their data belongs to them and that no provider safeguards can replace their own responsibility to make smart decisions about how and where they use virtual health services,” she adds. “Communicating that principle is one responsibility of a provider organisation that offers virtual services. So is the parallel responsibility to make sure physicians who use the system approach it with the same understanding.”

Telehealth, the provision of health-related services and information over the internet, is also at risk, Sundaresan explains.

“Although telehealth is going to be a sought-after platform given the current situation, practitioners will have to take certain precautions to prevent cyber-attacks. To address this challenge, an organisation needs a robust authentication process before giving access to data externally and offer educational and training programs internally.”

“Specific to telemedicine, we expect threat actors will focus on device security, patient and provider identification as well as access system-level security vulnerabilities.”

Meanwhile, the French government’s cyber security agency has also warned of attacks targeting French local authorities.

“During these attacks, ransomware-type malware was used, rendering certain files unusable,” it said in a statement. “The origin of these attacks is unknown to date and analyses are currently underway. However, ransomware attacks are generally carried out opportunistically by actors motivated by lucrative goals.”