Covid-19 healthcare bodies targeted by cyber criminals

Affected work sectors include healthcare, pharmaceuticals, academia, medical research and local government.

The attacks are frequently designed to collect bulk personal information, intellectual property and intelligence that aligns with national priorities.

The UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory urging staff to change any passwords to one created using three random words, and to implement two-factor authentication on accounts to reduce the threat of compromises.

It is thought that many of the attacks on healthcare bodies are designed to steal sensitive research data for both commercial and state benefit.

The agencies also warned that the broad shift to remote working where possible has opened up security holes in some organisations that they may not be aware of.

The NCSC previously told firms to bolster their defences soon after the implementation of the nationwide lockdown.

Paul Chichester, NCSC director of operations, said: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe.

“By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.

“But we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password-spraying campaigns.”

Last month, the NCSC launched its Suspicious Email Reporting Service, following an increase in the number of Covid-19-related email scams, which allows the public to forward emails directly to the centre in order to report suspected scams.

In its first week, the NCSC said the service received more than 25,000 reports, which resulted in 395 scam websites being taken down.

Bryan Ware, CISA assistant director of cyber security, said it was prioritising its services to healthcare organisations and other medical groups involved in fighting the coronavirus pandemic, so that those firms can focus on their response to the virus.

“The trusted and continuous cyber-security collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organisations, specifically during this time as healthcare organisations are working at maximum capacity,” he said.

Speaking at the daily coronavirus briefing, Foreign Secretary Dominic Raab added: “We’re working with the targets of those attacks, with the potential targets, and with others, to make sure that they’re aware of the cyber threat and that they can take the steps necessary to protect themselves and at the very least mitigate the harm that could be brought against them.

“There are various objectives and motivations that lie behind these attacks, from fraud on the one hand, to espionage, but they tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims, and they’re often linked with other state actors.

“We expect this kind of predatory, criminal behaviour to continue and to evolve over the coming weeks and months ahead, and we’ll be taking a range of measures to tackle that threat.”