The Washington Post
Democracy Dies in Darkness

The Cybersecurity 202: Hospitals face a surge of cyberattacks during the novel coronavirus pandemic

with Tonya Riley


Hospitals that are already pushed to their limit dealing with a patient surge from the novel coronavirus pandemic are getting slammed with cyberattacks and digital scams, as well. 

Among the most damaging are ransomware attacks that aim to shut down entire hospitals until they pay a fee that can cost millions of dollars. 

Such attacks shut down computers at the Champaign-Urbana Public Health District in Illinois for three days in March and forced the district to shell out $300,000 in ransom, as reported by the Pew Charitable Trusts’ Stateline service. Another attack shut down computers at a university hospital in the Czech Republic, which was forced to turn away patients.

The attacks have prompted stark warnings to hospitals from the Department of Homeland Security and from Interpol, which warned of a “significant increase” in cyberattacks targeting hospitals around the globe. Interpol issued a “purple notice” — basically a warning about a criminal trend and its methods — alerting police in 194 countries about the heightened ransomware threat. 

The attacks are part of a surge in hacks and scams prompted by the coronavirus pandemic aimed at taking advantage of people’s dislocation and fears. But they’re particularly effective against hospitals where the intense pressure created by the pandemic might make workers more likely to slip up and click a link they shouldn’t, Jen Miller-Osborn, deputy director of Palo Alto Networks’s Unit 42 threat intelligence unit, told me. 

“People are stressed, and it might short-circuit the logic in their brain that says I shouldn’t click that,” she said. 

Miller-Osborn’s group, in a report out yesterday, found hackers trying to lock up computers at a Canadian government health organization and a Canadian medical research university by posing as officials from the World Health Organization. The group also logged attempted digital attacks against medical research facilities in Canada and Japan, but it didn’t name any of the victims.

Even before the pandemic struck, hospitals and health-care providers were among the top targets of ransomware attacks because they’re among the organizations that can least afford to be pushed offline for even short periods of time. And that can mean they’re more likely to pay up. 

“Hospitals are not necessarily more susceptible to ransomware attacks. However, an attack can have severely detrimental consequences for them, such as the loss of patient records, and treatment delays or cancellations,” Michal Salát, a malware analyst for the anti-virus firm Avast, wrote in a blog post.

Health-care providers, like other employers, are especially vulnerable to hacking now because more non-essential staff are working remotely. That makes it harder to patch their laptops and mobile devices against threats, and they may be relying on unfamiliar networking tools to connect with co-workers.

About 70 percent of cyberattacks against health-care providers in recent years focused on smaller providers likely to have weaker digital defenses, a briefing this week by analysis firm RiskIQ found.

And the increased danger during the pandemic isn't likely to deter attackers, Miller-Osborn said.

“Before these groups were launching corporate attacks, most of them were targeting vulnerable people, stealing the life savings of old people, so targeting corporations is no problem at all,” she said. “We expect these covid-themed attacks to continue as long as they’re effective.”

One piece of good news came yesterday when Microsoft announced it will offer hospitals free access to an advanced security system called AccountGuard. The service essentially means Microsoft will closely monitor email traffic and other avenues hackers typically use and alert the organizations about any hacking efforts by nation-states and criminal groups. 

It's the same protection Microsoft offered free to political campaigns, members of Congress and democracy-promoting nonprofit groups that are targeted by sophisticated hacking groups from Russia and elsewhere. 

Yesterday’s announcement offers the protection to hospitals, clinics and medical labs as well as pharmaceutical, life sciences and medical device companies that are researching, developing or manufacturing coronavirus-related treatments.  

“Every patient deserves the best possible healthcare treatment, and we all need to thank and applaud the truly heroic work by those risking their own health to help those who are sick,” Microsoft Corporate Vice President Tom Burt said in a blog post. “Their work is challenging enough but is being made more difficult by cyberattacks.” 

Note to readers: The Cybersecurity 202 will just be publishing Tuesday, Wednesday and Thursday this week. We’ll be back to our regular schedule next week.


PINGED: A group of Republican senators is urging federal agencies to make sure U.S. companies can participate in global standards-setting meetings where organizations hammer out rules on security and other issues for next-generation 5G networks. 

The concern stems from an unintended consequence of Trump administration rules barring U.S. companies from partnering with the Chinese telecom Huawei, which could keep them from participating in standards-setting groups if Huawei is also a member. An almost year-long stall on clarifying the rules is excluding U.S. companies from those meetings and jeopardizing national security, the senators say.

“When U.S. export controls restrict U.S. companies from participating in standards-setting bodies, China-based Huawei is well-positioned to fill any gaps,” the group led by Sen. Marco Rubio (R-Fla.) wrote to leaders of the Defense, State, Commerce and Energy departments. The letter was also signed by Republican Sens. James Inhofe (Okla.), Tom Cotton (Ark.), John Cornyn (Texas), Mike Crapo (Idaho) and Todd Young (Ind.).

Last month a bipartisan group of senators introduced legislation aimed at strengthening U.S. leadership in international 5G standards-setting groups by directing the Commerce Department to help companies that participate in the groups with technical expertise.

PATCHED: Apple launched a new tool to help combat the coronavirus pandemic using anonymous data from Apple Maps to show how well people are following social distancing guidelines, Todd Haselton and Christina Farr at CNBC report. It's the latest effort by a major tech company to harness user data to fight coronavirus while trying to protect privacy. 

Apple generates data on how many people are moving in an area based on the number of requests made to its Maps app for directions. The data isn't tied to user accounts and is fully anonymized, the company says. It's similar to a mobility tool Google launched using trends from Google Maps. Last week Apple and Google also announced plans to track people who come into contact with someone infected with coronavirus using their phones’ Bluetooth signals. Both companies pledged to shutter the app after the pandemic is over to allay privacy fears.

But it's unclear whether enough Americans would opt in to make such efforts a success, my colleague Cat Zakrzewski reported. And experts tell The Cybersecurity 202 they worry any surveillance programs launched during the pandemic may be repurposed for unrelated objectives later.

PWNED: A digital attack last month compromising the Windows passwords of users who visited two websites belonging to San Francisco International Airport was likely the work of hackers linked to the Russian government, Catalin Cimpanu at ZDNet reports. Researchers at the cybersecurity firm ESET believe the Russian hacking group dubbed Energetic Bear planted a bug in the SFO computers aimed at stealing passwords and other credentials from people who visit the website.

The airport reset all employee passwords after ESET reported the attack and removed the malicious code from its website. Officials there are also urging visitors to the website to reset their passwords.


Sen. Amy Klobuchar (D-Minn.) continued her push for voting by mail during the pandemic in a New York Times opinion piece asking “Trump Votes by Mail. Why Can’t Everyone?”

“We must reform our election systems, so that sheltering in place can also mean voting in place,” she wrote. “And we must do it now, while we still have the time to preserve everyone’s ability to vote in November.”

— More cybersecurity news from the public sector:

Sidelined by Coronavirus, Congressional Leaders Face Pressure to Vote Remotely (The New York Times)

IRS warns of hackers targeting tax professionals during coronavirus pandemic (The Hill)

Reality Winner seeks to complete sentence in home confinement amid coronavirus concerns (CyberScoop)


— Cybersecurity news from the private sector:

Passwords and email addresses for thousands of Zoom accounts are for sale on the dark web (NBC News)

Exclusive: Google removes 49 Chrome extensions caught stealing crypto-wallet keys (ZDNet)


— Cybersecurity news from abroad:

Attackers are using a Brazilian hacking tool against Spanish banks (CyberScoop)


  • The Open Technology Institute will host an online event on work-from-home digital security on April 21 at 11:00am.