Security Warning to Operators of Essential Services in the Health Sector against Cyber Threats and Attacks

The National Cyber Security Centre SK-CERT warns operators of essential services in the health sector (hospitals, healthcare providers, testing laboratories and other healthcare facilities), as well as all other public administration organizations and operators of essential services in other sectors, of a possible increase in cyber threats and attacks against their systems and networks.

As healthcare facilities are currently not only experiencing an onslaught of patients but are also introducing special security measures due to COVID-19, they may be less able to detect and handle cybersecurity incidents. SK-CERT observes a markedly increasing trend in attacks exploiting this situation.

On the morning of 13 March 2020, the University Hospital in Brno-Bohunice reported a cybersecurity incident [1]. Although it is not currently publicly known what type of incident it was or what damage it caused, it is a precedent for which individual healthcare facilities must be prepared. The Check Point report [2] also mentions the case of one particular APT group, which is currently targeting public sector organizations, using alleged “information on the spread of new coronavirus infections” as the initial document to launch an attack. SK-CERT has also observed an increase in DDoS attacks between 17 February and 15 March, including attacks on sites with health content in Slovakia.

Ransomware and DoS attacks can be expected, as well as the spread of malware and phishing campaigns that use identity theft and fake documents about the new coronavirus; other types of attacks aimed at stealing sensitive data or destroying systems cannot be excluded either.

The National Cyber Security Centre SK-CERT recommends the following to all healthcare facilities (as well as to all other public administration organizations and operators of essential services):

  • check that your backups work and that you can reliably maintain a backup copy of data in case of an attack,
  • monitor your systems and networks – focus on outages and abnormal behaviour,
  • review your business continuity plans and update them if you find any vulnerabilities,
  • keep information on technologies, processes, and IT staff up to date – whether all technical tools are working and updated, whether established processes are well set up, and whether staff are ready to detect and handle cybersecurity incidents,
  • quickly instruct all employees on how to work safely with computers, especially not to open attachments in emails, click on links, and so on, even if the email comes from a familiar or trustworthy person,
  • publish your cybersecurity manager’s contact email address for employees and instruct them to report any suspicion of a cybersecurity incident, malicious files received, attempts to gain access to the organization’s systems, emails, etc., or attempts to obtain any personal data,
  • immediately report any cybersecurity incident to the National Cyber Security Centre SK-CERT at the National Security Authority at https://www.sk-cert.sk,
  • if you need any assistance in the field of cybersecurity, immediately contact the National Cyber Security Centre SK-CERT.

All warnings and recommendations of the National Cyber Security Centre SK-CERT regarding coronavirus and COVID-19 can also be found at https://www.korona.gov.sk/varovania-narodneho-centra-kybernetickej-bezpecnosti-sk-cert/.

Sources:

[1] https://nukib.cz/cs/informacni-servis/aktuality/1417-fn-v-brne-bohunicich-dnes-nahlasila-nukibu-kyberneticky-bezpecnostni-incident/

[2] https://research.checkpoint.com/2020/vicious-panda-the-covid-campaign/

