SKOUT Threat Advisory 0021-20: Healthcare Facilities Targeted During COVID-19 Outbreak
Our partners at SKOUT Cybersecurity have alerted us to this current threat.
One of the Czech Republic’s biggest hospitals has been hit with a cyber-attack amid COVID-19 testing. Healthcare facilities, especially hospitals, are advised to be on high alert. SKOUT recommends that all organizations be extra cautious during this time of crisis and understand that cyber-attacks are likely to be on the rise.
Technical detail and additional information
What is the threat?
Brno University Hospital, the second-largest hospital in the Czech Republic, has been hit with a cyber-attack while dealing with the COVID-19 outbreak. While the technical details of the breach have not been released, hospital officials have stated that staff were forced to shut down the entire IT network during the incident. The security breach has forced Brno hospital to cancel all surgical procedures and re-route patients to nearby hospitals. The U.S. Health and Human Services Department also reported an unsuccessful attack on its network.
Why is this noteworthy?
Brno Hospital is one of the Czech Republic’s largest hospitals and has been conducting testing for the coronavirus, where there have been 117 confirmed infections. As per the hospital’s director, “gradually, the individual systems were falling, so all computers had to be shut down. We are able to investigate patients, but we are not yet able to store data. Patient care is maintained, and we are working to be able to store data for hours.”
Although the target was a hospital in this instance, all organizations are susceptible at a time when significant system changes to allow remote workers are combined with high emotions.
What is the exposure or risk?
While healthcare workers and administrative staff are working diligently during this time of crisis, attackers are using this as an opportunity to exploit staff via phishing and malware attacks related to COVID-19. The campaigns vary in exact messaging, but many have impersonated government organizations, the World Health Organization, or HR departments issuing a warning.
What are the recommendations?
SKOUT recommends that organizations be extra cautious during this time of crisis and understand that cyber-attacks will continue to be on the rise.
- Ensure that users have strong and complex passwords in place.
- Provide security awareness training to users to spot phishing emails.
- Utilize strong next-gen endpoint protection that blocks malware, such as SKOUT Endpoint Protection.
- Utilize an email protection service, such as SKOUT Email Protection, that can spot malicious emails and attachments before users interact with them.
- Ensure users have the least amount of privileges on their accounts.
- Turn off macros in Microsoft Office. Documents that require macros should never be received through email.
- Use a trusted web proxy; this will typically block attempted connections to malware command and control (CnC) servers.
- Make sure your system is kept up to date with the latest patches and updates.
If you are a target of phishing attempts, please report the email as soon as possible. CTI, in conjunction with SKOUT’s Security Operations Center, can help our clients perform an in-depth email analysis. We can also help you utilize state-of-the-art sandbox tools to analyze any file attachments in question.
For more in-depth information about the recommendations, please visit the following links: