Coronavirus: Cyber criminals threaten to hold hospitals to ransom – Interpol
As hospitals around the world struggle to handle the influx of COVID-19 patients, cyber criminals are threatening to exploit the crisis and hold them to ransom, according to an Interpol warning.
The agency has issued a global alert to healthcare organisations about ransomware attacks, in which criminals lock organisations out of their own computer systems until a ransom is paid.
It follows a rare warning from one of the UK’s intelligence agencies about criminals using the coronavirus outbreak to launch online attacks.
This week NHS Digital issued guidance for healthcare providers warning about malicious COVID-19 related cyber activity.
It advised them on how to spot potential attempts by hackers to dupe staff into following links to malicious websites, or open attachments which would allow the criminals into their computer systems.
Interpol’s cybercrime threat response team said it has detected a “significant increase” in these kinds of attacks, noting a rise in the number of attempted ransomware attacks against key organisations around the world.
It has alerted all 194 of its member countries and is working with the cybersecurity industry to gather information about the attacks as well as assisting national police forces.
Jurgen Stock, Interpol’s secretary, has warned that the attacks could be deadly if they were to strike as resources are stretched to the maximum during the outbreak.
“As hospitals and medical organisations around the world are working non-stop to preserve the well-being of individuals stricken with the coronavirus, they have become targets for ruthless cybercriminals who are looking to make a profit at the expense of sick patients,” he said.
“Locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.”
“In a healthcare setting, if adversaries compromise already stretched systems – it becomes a critical operational issue that may have serious consequences on the organisation’s ability to properly run day-to-day operations,” explained George Kurtz, the chief executive of cyber security firm Crowdstrike.
In a statement sent to Sky News, NHS Digital said: “This is a time of unprecedented stress on the NHS, not least for the cyber security and IT teams who are continuing to work hard in all NHS organisations to keep patient data and systems secure, to continue to deliver safe patient care.
“NHS organisations ultimately are responsible for their own cyber security risk, however we work together to face and tackle the challenges around cyber security.
“We are advising organisations to remain vigilant to any suspicious emails from people they do not know, to follow our guidance on reporting them, and to ensure virus definitions are updated and security vulnerabilities are patched.”
In March, Sky News saw a copy of a scam email sent to a number of healthcare organisations that pretends to be from each firm’s internal IT team.
The email – which has the subject “ALL STAFF: CORONA VIRUS AWARENESS” – tells employees that “the institution is currently organising a seminar for all staff to talk about this deadly virus”, asking them to click on a link to register.
The link takes anyone clicking on it to a third-party website disguised as an Outlook web app. Anyone who fills in that form ends up giving their details to the hackers.
So far, there has never been a cyber attack in the UK which has directly led to the loss of life. However, the National Cyber Security Centre has said it is only a matter of time before a so-called Category One incident occurs.
There have been 34 Category Two incidents which have required high level involvement among government departments and agencies – including the WannaCry ransomware attack which hit the NHS in 2017.
It was largest ever cyber attack on the health service and it left staff locked out of hundreds of NHS computers, leading to thousands of appointments being cancelled and some A&E departments having to turn away ambulances.
An assessment by western intelligence agencies laid the blame for the attack at the feet of a North Korean hacking organisation known by researchers as the Lazarus Group.
An investigation by US authorities managed to identify a North Korean man who was part of this group in an indictment charging him and alleged co-conspirators with the cyber extortion attack.
Britain’s NCSC obtained critical evidence which was able to link the NHS attack to others already being investigated in the US.