US government warns hackers may target hospitals for COVID-19 vaccine research, intellectual property

The U.S. Department for Homeland Security and the U.K. National Cyber Security Centre are warning hospitals and healthcare organizations that there could be an increase in cyberattacks targeting them to gain COVID-19 patient data.

The agencies previously sent an advisory on April 8 detailing how cybercriminals and advanced persistent threat groups were engaged in malicious activity related to the coronavirus pandemic; on May 5, they reported that APT actors are targeting healthcare organizations to collect bulk personal information. "The pandemic has likely raised additional requirements for APT actors to gather information related to COVID-19," the advisory states. "For example, actors may seek to obtain intelligence on national and international healthcare policy or to acquire sensitive data on COVID-19 related research."

Two U.S. officials reported to NBC News that "the increased amount of information hospitals are collecting on patients because of the pandemic, as well as any research that could lead to the development of a vaccine, is highly sought after by hackers working on behalf of foreign governments, including China's."

Several hospitals and health systems are engaged in national trials related to COVID-19 treatment and vaccines; they also have tremendous amounts of data about COVID-19 treatment and trends. The agencies reported investigating multiple incidents in which cybercriminals are targeting pharmaceutical companies and medical research organizations as well as universities to steal their data and intellectual property. The cybercriminals see the supply chain as a weak link that they can use to exploit targets.

The APT groups are also using password spraying campaigns to target healthcare organizations where they attempt to break into a system by using a single and commonly used password with several accounts. Using this technique can avoid account lockouts and often is undetected.

The NCSC compiled a list of frequently used passwords that attackers use here.

The agencies recommend updating VPNs, network infrastructure devices and other devices being used for remote work to make sure the software patches are updated. Multi-factor authentication can also reduce risk.

More articles on cybersecurity:
BJC HealthCare reports employee email breach exposes PHI for 19 facilities: 5 details
Former Lurie Children's employee wrongfully viewed 4,824 patient records
The IT behind hospitals' battle with COVID-19: How tech maximized efficiency amid rapid workflow changes

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.