ENISA provides cybersecurity advice to support Hospitals and the healthcare sector against the increase of phishing campaigns and ransomware attacks during the coronavirus crisis.
The COVID19 pandemic has created a new reality for the healthcare sector globally testing its limits. Adding to the overwhelming situation it is currently facing, the sector has become a direct target or collateral victim of cybersecurity attacks. Malicious actors taking advantage of the COVID19 pandemic have already launched a series of phishing campaigns and ransomware attacks. Hospitals have shifted their focus and resources to their primary role, managing this extraordinary emergency, which has placed them in a vulnerable situation. Hospitals, and the whole healthcare sector, now have to be prepared.
Cybercrime adapts to the world around it. It is hardly surprising that in the beginning of an escalating global pandemic like COVID-19, malware actors have jumped on the bandwagon. The current situation in the EU and worldwide provides a fertile breeding ground for various campaigns. In no particular order, the following conditions are being exploited making the sector even more vulnerable:
- High demand for certain goods like protective masks, disinfectants and household products
- Decreased mobility and border closures
- Increasing reliance on teleworking, often with little previous experience and planning
- Increased fear, uncertainty and doubt in the general population
ENISA can provide some advice to support the sector, taking into account the situational evolution and most common incidents since the beginning of the pandemic.
- Share the information with healthcare staff in the organisation, build awareness of the ongoing situation and, in the case of infection, ask staff to disconnect from the network to contain the spread. Raise awareness internally in healthcare organisations and hospitals by launching campaigns even during the time of crisis (i.e. to inform hospital staff not to open suspicious emails).
- In case of systems compromise, freeze any activity in the system. Disconnect the infected machines from others and from any external drive or medical device. Go offline from the network. Immediately contact the national CSIRT.
- Ensure business continuity through effective backup and restore procedures. Business continuity plans should be established whenever the failure of a system may disrupt the hospital's core services and the role of the supplier is such cases must be well-defined.
- In case of impact to medical devices, incident response should be coordinated with the device manufacturer. Collaborate with vendors for incident response in case of medical devices or clinical information systems.
- One preparedness measure is network segmentation. With network segmentation network traffic can be isolated and / or filtered to limit and / or prevent access between network zones.
The whole cybersecurity community is working together to support the healthcare sector as the pandemic develops; national cybersecurity authorities are issuing alerts and guidelines (e.g. the situation in CZ) on potential cyber attacks; in the CSIRT Network MS continuously exchange information and issue situational reports together with the EU Institutions; the private sector is offering pro-bono cybersecurity related services supporting the healthcare sector.
Further Information
For further information related to the cybersecurity aspects of the COVID19 pandemic, consult the ENISA pages dedicated to this issue under the Topic COVID19