The COVID-19 pandemic is one of the most unprecedented events to have occurred in the past decade. In fact, the last time a major pandemic hit was in the 1910s. Since then, there have been milder pandemics which have occurred more recently in 2009 (Influenza A H1N1). The world has changed drastically since these pandemics. That said, the fact that the world is so interconnected and digitally dependent, makes the COVID-19 pandemic even more unique.
It wouldn’t be too far-fetched to say that with the COVID-19 pandemic, we’ve learnt that pandemics aren’t just about being biologically compromised anymore. In fact, Flavo Aggio, the Chief Information Security Officer at the World Health Organisation (WHO) attributes more than 15,000 deaths worldwide in this pandemic alone to the cyber attacks that healthcare agencies such as WHO face on daily basis. What’s more apparent is the number of cyber attacks related to COVID-19 have increased substantially since the pandemic began. Great Horn, a cloud-based security platform, reports that currently about 2% of email traffic related to COVID-19 comes from malicious players looking to get access to pertinent, personal information. Other security companies have reported that the number of cyber attacks linked to the COVID-19 pandemic have more than doubled since its emergence.
Proof is in the Pudding – Increased Cyber Attacks are putting Patients& People at risk
In the most recent attack against the WHO, a malicious hacker group known as DarkHotel setup a site to mimic WHO’s internal email page in an effort to get login information of WHO employees to access sensitive information. The group’s activities were first detected by Alexander Urbleis, a cyber security expert and attorney at Blackstone Law Group in New York. Urbelis mentions that he detected the site’s activation on 13 March.
This attack comes from the group after it vowed not to attack healthcare agencies and research centers during the pandemic. That said, the WHO was able to fend off the attack without getting compromised.
However, this hasn’t been the only COVID-19 based attack. During the same time, Brno University Hospital was forced to shutdown their technological services. This was due to a breach in cybersecurity which forced the hospital to take preventative measures. The attack compromised the health of all of the patients who required advanced testing. It forced doctors and nurses to chart manually which caused delays in care.
Perhaps more alarming is how hacker groups have also been targeting research centers and pharmaceuticals. Hammersmith Medicines Research (HMR), one of the companies involved in developing a vaccine for SARS-CoV-2, the virus causing COVID-19, reported that it was part of a ransomware attack. This attack compromised the information of about 2,300 patients involved in trials. The group behind the attack demanded money after gaining access to the files. These patient files have since found their way to the dark web, making them vulnerable to further compromise.
It’s becoming increasingly obvious that while malefactors are targeting healthcare institutions and companies, the ones who truly pay the price are the patients. With their data at risk and treatments being delayed or interrupted, we are seeing a larger, more worrying pool of victims.
Compromised Cyber Security Could have Lasting Effects
That is only the tip of the iceberg. With pertinent patient information in the wild, these patients have been exposed to a larger cyber threat; one that could be even more devastating to them after the pandemic. Information such as their addresses, social security and passport details are now available online – if you know where to find it. Another question remains: “Were these patients informed of such a data breach?”.
With the compromised information, malicious players will be able to gain access to a number of things including bank accounts and other important accounts. In fact, hackers will able to social engineer this information to gain access to emails, social media and more by simply connecting the dots. The fact of the matter is, most passwords and logins are linked to a person’s social history or items like their social security numbers.
These breaches have potential psychological and physical repercussions that not many are aware of. Being the subject of a data breach or having an email or bank account compromised as a result will result in lost time and psychological stress. Keep in mind, that some of these attacks hold your vital information ransom and demand for money. This would definitely lead to increased anxiety.
Personal Hygiene Must Include Your Digital Footprint
It can’t be any more obvious that we are in an age where our digital lives are increasing intertwined with our daily lives. Even in an epidemic, we are seeing the effects of cyber attacks on our daily lives Hence, with attacks on the rise, users like you and me must also take precautions to protect our digital footprint. It is as essential as washing our hands and avoiding touching our face in this pandemic.
We can start with one simple step – pay attention to the details. Kaspersky has reported that there has been an uptick in look-a-like domains since the onset of the COVID-19. In particular, when it comes to authoritative domains. In particular, they’ve highlighted an email supposedly from the CDC (Center for Disease Control) in America. The official domain for the CDC is cdc.gov; however, emails have been sent from an email from cdc-gov.org. The small difference when it comes to this domain could be the difference between getting compromised or getting official information.
The next step you can take is, like washing hands, spend a little time refreshing your passwords. Good password hygiene is essential to keeping your information secured. Look at changing your passwords on a bi-monthly, if not monthly basis. If you’re working in an industry that requires heightened security and privacy, you know that they have policies that require you to change your password every 3 months, at the very least. So, why are you worth any less?
One of the most basic things you can do for increased security is to activate two factor authentication (2FA). When you activate 2FA, you will be prompted to give an additional item for authentication. This will help verify your identity. That said, activating 2FA is no excuse not to change your password on a regular basis.
With these steps as a starting point, you’ll have better security on the internet. That said, it’s just a start. Don’t get too comfortable with yourself when it comes to internet security. With more and more attacks focused on taking advantage of lapses of judgement, we need to be more alert. Even when we’re searching for information, it’s important we pay attention to the details, check website addresses and keep vigilant on the links in your email. While things may seem bleak, it’s no excuse to stay away from the internet. Just be more alert and vigilant and enjoy one of the best inventions since sliced bread.