The COVID-19 pandemic (commonly referred to as the Coronavirus) is having an incredible impact on our lives. Countries like China and Italy are in complete lockdown, and the US-Canada border is closing for the first time in nearly twenty years. For many, our lives are fundamentally changing, and the future is feeling uncertain.
However, COVID-19 has brought about changes in unexpected areas of our lives, in particular surrounding our data security. Cybercrime has been noticeably increasing, and there are concerns that ransomware attacks could disrupt both government and healthcare organizations. Here’s everything you need to know, including how to stay safe.
The past year was not great for your data security. There were innumerable data breaches and billions of records were exposed. What has been notable is that there has been an increase in government agencies and healthcare companies becoming victims of data breaches. To give you some perspective, the following government or healthcare organizations were hacked in the last twelve months: the United Nations, the US Defence Information Systems Agency, LabCorp, LifeLabs, Bulgaria’s National Revenue Agency, Los Angeles County Dept. of Health Services, Maryland Dept. of Labor, and many, many more.
Why exactly has there been an increase in targeting these types of organizations? There are a couple of reasons. The first is that, unfortunately, government agencies are generally not the most technologically advanced when it comes to cybersecurity and this makes them a prime target for data breaches. Old computer systems and out of date security measures allow hackers easy access. Obviously, this is not the case with every government system, but the majority do not have state-of-the-art security protocols in place to prevent breaches.
Secondly, the data that healthcare and government organizations hold is incredibly valuable. In particular, there has been a rise in medical identity theft over the past few years, which makes medical records very appealing to hackers. Additionally, if a criminal has your social security number, they can steal your tax refund. Even if they don’t use the information themselves, hackers can sell your data to other criminals who can then steal your identity or use it to extort funds from you.
Thirdly, most major countries have their own government-backed hacking groups that they use to target rival countries. Naturally, confidential information and disrupting services like healthcare hurt the most, which makes them prime targets. While individuals are rarely the targets of these types of hacks (unless you’re a high ranking official), they can certainly have a major impact on your life.
What the past couple of years have shown us is that your data is not safe in the hands of organizations. Unfortunately, when it comes to government and healthcare related services, you don’t have much of a choice when it comes to handing over your personal information. However, it has been a wake up call for many organizations, especially with laws like the GDPR and California Consumer Privacy Act that make a lack of security and a lack of response punishable by law.
During any tragic event, there are always people trying to capitalize off of it, and the Coronavirus is no exception. Cybercrime around the global pandemic has increased over the past few weeks, and in particular, phishing scams have used the virus as a theme.
What makes phishing scams work (some of the time) is that they create a sense of fear, urgency, or curiousity; feelings that are already elevated right now due to COVID-19. These are extremely powerful emotions that can cause you to make decisions you normally wouldn’t. If you receive an email that looks like it is from your government regarding the Coronavirus, your natural inclination is to do what the email says. Hackers are counting on you not taking a closer look, which is what makes phishing scams so effective. Using real human emotions to prey on innocent victims is called social engineering and can be incredibly powerful in the right (or wrong) hands.
In January and February 2020, Japan was hit by a massive phishing scam. An email appearing to be from a Japanese disability welfare service provider was sent out with an attachment supposed to contain important information about the Coronavirus. When the document was opened, malware was downloaded onto the victim’s computer. And this is only the beginning, there are certainly going to be more phishing scams in the future.
There has also been an uptick in website domains related to COVID-19, and the majority of these websites are 50% more likely to be malicious than other domains registered since January. All sorts of suspicious websites are claiming to sell testing kits, vaccines, and protective gear when in reality they are just capitalizing on fear.
If you’re unfamiliar with ransomware, it’s a pretty basic idea. Hackers gain control of a computer or other device and hold it for a ransom. If the victim fails to pay within a given time frame, then the victim loses access forever. Since ransomware is a criminal activity, sometimes paying the ransom doesn’t restore access at all.
It’s a pretty effective technique because it preys on your fear of losing all of your files, photos, messages, etc., that are stored on your devices. When you apply this to a medical or government setting, ransomware could have devastating consequences, especially during a global pandemic. Criminals are viewing this time as an opportunity rather than a crisis.
A recent report by RiskIQ proposes that criminals are going to leverage the Coronavirus pandemic to launch ransomware attacks, particularly on healthcare organizations. Why? Because healthcare organizations are going to be more likely to pay and willing to pay more to have data released, especially when lives may be at risk. The effects could be devastating, especially if hackers target COVID-19 response and relief efforts.
There is a very real fear in the cybersecurity community that ransomware is imminent, and that the effects it will have in the fight against COVID-19 could be devastating. In fact, ransomware attacks could lead to the spread of the virus if governments and health services are delayed in finding and relaying important information to the general population. So far, there is no evidence that hospitals and government agencies are being specifically targeted, but if the trend of increasing ransomware attacks continue, things could get ugly.
While there’s not a lot you can do to prevent a ransomware attack against a healthcare or government organization, there are some steps you can take to protect yourself against hackers. Here’s what we recommend:
These small steps could protect your data from being compromised. Given the uptick in ransomware attacks, hopefully government and healthcare organizations will update their security systems too. This is a trying time, in more ways than one.
The future feels very uncertain right now, in more ways than one. The effect that the Coronavirus is having on data security may seem like an unexpected one, but it is also incredibly important. Suspicious criminal activity is on the rise, and the elevated emotions surrounding COVID-19 could make them far more effective than normal. If ransomware is used on hospitals and government services, the effects could be truly devastating.
This is a difficult time for most of the population, however, for criminals it’s a time that could be very profitable. Crime never stops, even during a global pandemic. In meantime, we should remain hopeful that this chaotic time will soon be over, and that healthcare and government organizations are paying attention to the habits of cybercriminals.