05 May 2020

Cybersecurity agencies warn of criminals targeting healthcare firms

05 May 2020

Cybersecurity agencies in the UK and US have issued a joint warning to healthcare and medical research staff, urging them to improve their password security.

The two agencies say they have seen cybercriminals targeting healthcare bodies, particularly those involved in coronavirus response.

The UK’s National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory urging staff to change any passwords to one created using three random words, and to implement two-factor authentication on accounts to reduce the threat of compromises.

The agencies say they have seen a number of “password spraying” attacks, where hackers attempt to access a large number of accounts using commonly known passwords, targeting healthcare organisations and other medical groups.

The two bodies said they believe criminals were targeting such organisations in the hope of gathering information related to the coronavirus outbreak.

Paul Chichester, NCSC director of operations, said: “Protecting the healthcare sector is the NCSC’s first and foremost priority at this time, and we’re working closely with the NHS to keep their systems safe.

We recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password-spraying campaigns

“By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.

“But we can’t do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password-spraying campaigns.”

Last month, the NCSC launched its Suspicious Email Reporting Service, following an increase in the number of Covid-19-related email scams, which allows the public to forward emails directly to the centre in order to report suspected scams.

In its first week, the NCSC said the service received more than 25,000 reports, which resulted in 395 scam websites being taken down.

Bryan Ware, CISA assistant director of cybersecurity, said it was prioritising its services to healthcare organisations and other medical groups involved in fighting the coronavirus pandemic, so that those firms can focus on their response to the virus.

“The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organisations, specifically during this time as healthcare organisations are working at maximum capacity,” he said.

Speaking at the daily coronavirus briefing, Foreign Secretary Dominic Raab added: “We’re working with the targets of those attacks, with the potential targets, and with others, to make sure that they’re aware of the cyber threat and that they can take the steps necessary to protect themselves and at the very least mitigate the harm that could be brought against them.

“There are various objectives and motivations that lie behind these attacks, from fraud on the one hand, to espionage, but they tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims, and they’re often linked with other state actors.

“We expect this kind of predatory, criminal behaviour to continue and to evolve over the coming weeks and months ahead, and we’ll be taking a range of measures to tackle that threat.”

The best videos delivered daily

Watch the stories that matter, right from your inbox