COVID-19 Hacker Scams Target Canadian Healthcare Industry
How Healthcare Industry Leaders Need COVID-19 Hacker Solutions
Knowledge may be the most powerful asset Canadians possess during the COVID-19 outbreak. Knowing these hackers scams and IT deterrents could prove invaluable.
While good Canadians continue to make every effort to slow the spread of COVID-19, a criminal element levels attack after attack on the healthcare industry. It may seem inconceivable that hackers would target some of the most critical services. But a frightening uptick in COVID-19 scams plague the internet. The Canada Centre for Cyber Security recently issued an alert that these emerging cyberattacks threatened the healthcare system.
“The Cyber Centre assesses that the COVID-19 pandemic presents an elevated level of risk to the cybersecurity of Canadian health organizations involved in the national response to the pandemic, including but not limited to medical research, manufacturing, distribution and policy-making organizations,” the Centre’s alert states, noting the prevalence of the following pair of attacks.
- Sophisticated threat actors may attempt to steal the intellectual property (IP) of organizations engaged in research and development related to COVID-19, or sensitive data related to Canada’s response to COVID-19.
- Cybercriminals may take advantage of the COVID-19 pandemic, using the increased pressure being placed on Canadian health organizations to extract ransom payments or mask other compromises.
In a time of crisis, the cybersecurity professionals at Pure IT would like to provide a definition of the threats our government identified, and offer solutions.
Digital Thieves Deploy Three Primary COVID-19 Attacks
The Cyber Centre outlines three broad methods being used by digital scammers to deliver malicious applications or breach healthcare industry systems. To detect and defend, industry leaders would be wise to educate vital personnel working onsite or remotely. Knowledge can be a powerful tool when a hacker tries to gain trust to penetrate cyber-defences. These are the three areas of heightened concern, according to the Cyber Centre.
Sophisticated Threat Actors
These experienced and nefarious criminals are likely to target Canadian organizations, including those working on pandemic defence and medical research. Bad actors attempt to gain access to networks and pilfer off valuable information about political responses, vaccines, and salient develops that can be leveraged for profit. The Cyber Centre anticipates sophisticated actors are likely to use “social engineering, spear-phishing campaigns, critical vulnerabilities, compromised credentials or a combination of these and other threat vectors.”
Generally delivered through direct emails that manipulate health industry workers sympathies and anxieties, employees new to work-from-home cybersecurity are considered a heightened risk of suffering a breach. Healthcare industry decision-makers are tasked with providing enterprise-level cybersecurity for Cloud-based efforts. According to the alert, “the Cyber Centre strongly advises that all organizations become familiar with and practice their business continuity plans, including restoring files from back-ups and moving key business elements to a back-up infrastructure.”
While digital hijackers generally rely on the human factor to penetrate cybersecurity, many organizations suffer weaknesses from unpatched software, unsecured wireless routers, lack of business-grade firewalls, outdated antivirus software, and non-existent or deficient Virtual Private Networks, among others.
Hackers relentlessly troll for cybersecurity gaps and healthcare operations that recently transitioned or increased remote workforces are likely to be at significant risk.
Commonly Used COVID-19 Scams
Understanding the methods used by online con artists may not necessarily help non-IT professionals identify unique scams. These are common COVID-19 scams that have reportedly been recognized by the Canadian Anti-Fraud Centre, according to reports.
- HVAC and other outfits offering COVID-19 duct cleaning
- Fake Centers for Disease Control and Prevention (CDC), or World Health Organization (WHO) messages claiming to have lists of infected people in your areas.
- Phony Public Health Agency of Canada contact frightening people through electronic messages saying they tested positive
- The Red Cross or other organizations directly contacting people to receive free products, supplements or asking for donations
- Private-sector organizations claiming to have cures, vaccinations, or testing kits available
- News alerts or sympathy emails designed to entice Canadians to open it and click on a link. Once someone does that, malicious software, including ransomware, seizes valuable data and could hold your entire organization hostage.
At Pure IT, our experienced managed IT experts work closely with healthcare organizations in Calgary to deliver determined cybersecurity. Given the unprecedented level of disruption, our healthcare sector businesses must have enterprise-level cybersecurity, and that includes secure remote connectivity.