It's well known in the IT world that when crisis hits, hackers tend to leverage that disruption to their advantage—and the new coronavirus pandemic has been no exception.
An analysis from cybersecurity company Barracuda Networks found that phishing scams tailored to the pandemic jumped 667% between February and March. In fact, between March 1 and March 23, Barracuda detected 9,116 phishing attacks related to Covid-19, representing about 2% of all phishing attacks detected during that time period. While that percentage may seem small, the data indicated that Covid-19 tailored attacks were on the rise—and a recent warning from FBI, HHS, and the Cybersecurity and Infrastructure Security Agency (CISA) suggests that those types of attacks remain, and will continue to be, a key threat for health care organizations moving forward.
Not only are these phishing attacks increasing in number, but they're also increasingly sophisticated. Hackers today rarely include odd spelling or strange requests that put recipients on guard. Instead, today's phishing emails are designed to feel personal, as if they came from a colleague or boss, and are structured to evoke a sense of urgency, so that recipients respond quickly and without much thought. Amid the new coronavirus pandemic, hackers have taken advantage of the confusion around supply chain shortages, public health updates from the World Health Organization (WHO), and daily business communications.
In April, FBI's Cyber Division issued a Flash alert highlighting some of the most common subject lines being used in Covid-19 phishing attacks targeting health care providers:
Notably, the email subject lines FBI highlighted play on providers' need to stay up to date on Covid-19 news. And in addition to leveraging subject lines, hackers have been relying heavily on email impersonation, making it appear as if the email is from prominent organizations such as WHO or CDC, according to Barracuda.
While health care organizations should always protect patient information and PHI against hackers, the need to defend yourself—and your organization—is even greater during the pandemic. Technology can definitely help reduce the risk of a successful phishing attack, and organizations absolutely should consider investing in or updating existing antivirus software, email filters, and blacklisting and whitelisting sites. (To learn more about some of these strategies, view our cheat sheet here.)
But technology alone is not enough. You need each of your employees to make sound decisions in how they navigate the internet and their email. Here are three key ways to build a "human firewall":