WHO, coronavirus testing lab hit by hackers as opportunistic attacks ramp up

The World Health Organization has reportedly seen attempted cyberattacks double since the onset of the COVID-19 crisis, and a vaccine testing facility has also been targeted with ransomware.
By Nathan Eddy
10:58 AM

The World Health Organization is just the most recent agency on the front lines of the ongoing coronavirus pandemic to be fighting off cyber criminals as it battles the worldwide spread of COVID-19.

According to Reuters, WHO has seen a marked increase in attempted cyberattacks – with one of the most recent reportedly perpetrated by a hacker group called DarkHotel. The unsuccessful attack spoofed a webpage to look like a login portal for agency employees in an attempt to steal passwords.

As healthcare organizations battle the COVID-19 pandemic, they’re also facing heightened cybersecurity threats from malicious actors looking to take advantage of the crisis caused by the outbreak.

The U.S. Department of Health and Human Services also fended off an attack recently as it was simultaneously focused on coronavirus response.

Now, a UK-based medical facility that has plans to test coronavirus vaccines, Hammersmith Medicines Research, has been hit by an attack from one of the ransomware groups that recently pledged not to target medical organizations during the COVID-19 pandemic.

The criminals behind the Maze ransomware attacks apparently managed to exfiltrate a slew of patient records, and have subsequently published some of the files on the dark web, demanding ransom payment.

According to a report in Computer Weekly, HMR was able to repel the attack and restore its systems without having to pay any ransom, though the organization’s clinical director Malcolm Boyce confirmed that private documents of more than 2,300 patients, including medical questionnaires and copies of passports, were leaked online.

"We have no intention of paying. I would rather go out of business than pay a ransom to these people," Boyce told the publication.

Medical records are highly valuable on the dark web as they usually contain personally identifiable information, including a patient's full name, address, financial information, Social Security Number, and more.

"The recent ransomware attack on Hammersmith Medicines Research further demonstrates that there is no action too despicable for cybercriminals," said Anurag Kahol, chief technology officer of cloud security vendor Bitglass, in a statement.

"In this case, the bad actors behind the Maze ransomware attacks have specifically targeted a medical facility that is supporting the testing of vaccines for COVID-19; previously, this hacker group promised not to target healthcare organizations during the pandemic."

The ransomware report comes as cloud-based email-security firm GreatHorn revealed the findings of a study on the rapid growth of COVID-19-related email threats, which analyzed a representative sampling of one billion emails over the past 10 weeks.

The report revealed there were 15 times as many phishing attacks during the first two weeks of March as there were for the entire month of January, and coronavirus-related email threats more than doubled from February to March. As of March 14, they made up 2% of all email traffic.

In analyzing the threats, GreatHorn found that malicious actors rely heavily on impersonation tactics, for example "official" CDC announcements and executive communications, and either mask URLs or use lookalikes of URLs from organizations like the CDC or WHO, typically seeking credentials or confidential or financial information.

Earlier this month, a cyberattack on a Czech hospital forced a tech shutdown during the coronavirus outbreak. The Brno University Hospital houses one of the largest COVID-19-testing facilities in the Czech Republic.

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer: nathaneddy@gmail.com
Twitter: @dropdeaded209
