Canada’s health sector faces an elevated risk of cyberattacks and intellectual property theft as criminals and state actors try to exploit global anxiety over the COVID-19 pandemic, according to Canada’s foreign signals intelligence agency.
The Communications Security Establishment issued an alert today warning that health organizations involved in the national response to COVID-19 face an “elevated level of risk” of cyber security incidents.
“There’s a lot of unscrupulous actors out there in the criminal area, as well as states, but I would say mostly criminals who are going to look to take advantage of anybody where they think they can make a buck here,” Scott Jones, head of the CSE’s Canadian Centre for Cyber Security, told CBC News.
“They don’t operate by the same ethics that the rest of us do.”
The CSE says sophisticated threat actors could target Canadian medical research labs working on vaccines or other remedies through manipulation or spear-phishing campaigns, or by going after critical vulnerabilities as more housebound employees connect with their workplaces through VPNs (virtual private networks).
Jones said intellectual property theft — through stealing or corrupting data generated by Canadian researchers — is a “lower probability” threat but one that would be “very high impact.”
“We’re saying, ‘OK this is a time to maintain vigilance, because you will be targeted,’” he said.
Ransomware attacks could rise
Criminals might also try to take advantage of the heavy pressure being placed on Canadian health organizations in order to extract ransom payments, said Jones.
“They’re extremely busy and so that means your defences are going to be a little bit lower, you’re going to click more willingly,” he said.
Jones said there have been no specific attacks on Canada’s health sector, but there have been incidents elsewhere in the world.
Over the weekend, the U.S. Health and Human Services Department reported a cyberattack on its system. People familiar with the incident called it a disinformation campaign aimed at disrupting the United States’ response to the pandemic — and suggested it might have been the work of a foreign actor.
Successful attack would be ‘bedlam’: threat analyst
The CSE’s warning says the impact of a ransomware incident on Canadian organizations involved in supporting Canada’s response to COVID-19 could be more severe because of the pandemic.
Brett Callow, a threat analyst for the cyber security firm Emsisoft, said a successful cyber hit on a health organization could be “bedlam.”
“The health care system is already going to be stretched to its limits and a cyberattack during this crisis could tip the balance and result potentially in a significant loss of lives,” he said. He said his company is offering ransomware decryption and negotiation services for free to healthcare providers during the pandemic, and is asking other firms to pitch in.
“The number of attacks against health care providers over the last 18 months would indicate that their systems aren’t as secure as they could be,” Callow said.
The CSE alert says organizations connected to COVID-19 response should increase their monitoring of network logs, remind employees to practice phishing awareness and ensure that servers and critical systems are updated.
“During a crisis time, you start to minimize changes — which means you aren’t applying patches, you aren’t maybe doing all the things that are normal, good cyber-hygiene because you’re trying to keep your system stable so you can continue working,” said Jones.