Hackers Use Pandemic-Related Tactics in Phishing Scams
During the pandemic, Texas Children’s has seen a 100 percent increase in scam emails related to the coronavirus, COVID-19 and personal protective equipment, Tonthat says. Many of the attacks targeted the supply chain and accounts payable groups.
“Email could be our worst enemy sometimes because that’s the gateway in,” she says. When suspicious emails come in, Tonthat’s team reviews those that pass through the email security stack to confirm their validity.
“We see it happen all the time — there has definitely been an increase during COVID,” Tonthat says. “We’ve been faced with many targeted attempts around PPE-type fraud schemes.”
Luke McNamara, a principal analyst at the Mandiant Threat Intelligence unit of FireEye, saw the incorporation of COVID-19 into various phishing campaigns as a theme amid the surge of cases in the U.S. last spring, similar to the jumps in thematic phishing that happen during tax season or the holidays. Such emails often have a malicious link or attachments, he says.
“The intent is to get the user to open that file and deploy the malware — unwittingly, of course — or click on a link and enter their credentials into what appears to be a legitimate web page, which then get captured,” McNamara says.
Any emails with COVID-19 in the subject line or in an attachment filename should be examined carefully.
Texas Children’s has established multiple layers of defense for email. The stronger the security, the more likely actors will give up and go to an easier target, Tonthat says. She notes that customers using Microsoft 365 gain an additional layer of email defense.
A proper security setup includes multiple controls such as a proxy, network firewall, application-level firewalls, encryption, dedicated denial of service protection and two-factor authentication, Tonthat says. She also advises that, where possible, organizations consider geolocation blocks to guard against overseas threat actors.
Health systems also should implement systems like “tap and go” to log on to EHR systems, and facial recognition is another tool for consideration. Together, password, badge and physical access comprise the multiple layers of strong access management for a hospital.
Texas Children’s conducts phishing simulations to train staff to respond appropriately to malicious emails. The idea is to ensure that physicians, nurses and staff aren’t caught off guard as they focus on attending to patients, Tonthat says.
During the pandemic, simulations to enhance workforce vigilance have been considered critical, she said.
“We send them a phishing email, and we monitor who clicks, who forwards, and make sure they take the required training,” Tonthat says. “Cybersecurity is everyone’s responsibility. During the pandemic, we have engaged our executives to help raise awareness of cybersecurity threats to their teams, and we have seen a very positive shift in human behavior.”
Ransomware Poses a Threat to Health Systems
Ransomware has been one of the biggest threats facing hospitals, particularly the prospect of this type of attack slowing down a health system in the middle of a pandemic.
“The fact that they could be disrupted by these operations is certainly something that is concerning,” McNamara says.
In 2020, in addition to installing ransomware on PCs, threat actors exfiltrated data and publicly posted it online, which caused privacy and regulatory issues. To avoid losing data during an attack, healthcare organizations should secure and back up data off the network, McNamara advises.
In October, the FBI, Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services alerted Texas Children’s about cyberthreats related to ransomware targeting providers, Tonthat says.
Among other threats, she points to the danger of financially motivated, nation-sponsored hacking. “You steal the data to sell it on the dark web and disrupt operations because you believe you will be able to get a ransom by the victim organization,” she says.