On March 11, 2020, the World Health Organization declared the coronavirus (COVID-19) outbreak a global pandemic. As the healthcare industry scrambled to address the crisis, attempting to save millions of lives, hackers saw this as the perfect time to strike. While it’s proven difficult for authorities to identify the culprits of these attacks, state-backed hackers have been known to use cyberattacks to gather COVID-19 information and disrupt other nations’ efforts to fight against the pandemic.
Since the outbreak, the sheer sophistication and scale of cyberattacks against the healthcare industry has been unprecedented. In fact, the so-called “Cyber Pandemic” was so alarming that the CyberPeace Institute, along with the International Committee of the Red Cross, brought together notable figures (including former UN Secretary-General Ban Ki-moon, Microsoft President Brad Smith, and former President of Mexico Ernesto Zedillo) to call on nations to stop cyberattacks on healthcare during the pandemic. Unfortunately, the attacks did not stop, and have not stopped.
Below is our list of the 9 most significant cyberattacks against healthcare since March 2020 in chronological order:
Since the beginning of the pandemic, the WHO has faced an intense wave of cyberattacks, including attacks attempting to trick staff members into downloading malware on their computers or phones (as much as a five-fold increase!). One of the many cyberattacks included Iranian-backed hackers attempting to access WHO staff email accounts. The state-sponsored hackers launched a phishing campaign against WHO staff, pretending to be Google web services to steal their passwords. Although it’s unclear if any accounts were compromised, it’s clear the WHO continues to be targeted by hackers willing to threaten the world’s collective pandemic response in their attempts to steal COVID-19 data.
One day after the Czech government declared a state of emergency due to the pandemic, Brno University Hospital, one of the largest COVID-19 testing facilities in the country, was hit by a cyberattack. The ransomware attack paralyzed the hospital’s computer networks, forcing doctors to postpone operations and relocate incoming patients to nearby hospitals. Even though the hacker group’s identity and affiliation are still unknown, the incident raised Europe’s awareness of not only the importance of hospital cybersecurity, but also the seriousness of cyberattacks against healthcare institutions.
The United States Health and Human Services Department (HHS), charged with protecting US citizens’ health and delivering essential health services, found itself the target of a distributed denial of service (DDoS) attack in March 2020. HHS servers were flooded with millions of requests over several hours in an attempt to impair access to the site. Thankfully, HHS systems proved resilient and the cyberattack did not significantly slow down the department’s computer systems. While the US government has not officially attributed the cyberattack to any nation yet, officials believe a foreign actor was responsible for the attack in an attempt to hinder the department’s COVID-19 response.
Germany’s Düsseldorf University Hospital fell victim to one of 2020’s most infamous cyberattacks. After the ransomware attack infected 30 servers, the university hospital’s systems crashed, forcing the hospital to turn away incoming emergency patients. As a result, a patient in critical condition had to be re-routed to another hospital over 20 miles away and later passed away. Even though Cologne’s chief public prosecutor, Markus Hartmann, stated the cyberattack was ultimately not responsible for the patient’s death, the incident gave the world a dark glimpse into the possibility of a cyberattack claiming the life of a civilian.
Major US-based hospital chain with more than 400 locations across the US and the UK, Universal Health Services (UHS), was hit by the sophisticated cyberattack in September 2020. UHS’s IT systems were taken down by the notorious “Ryuk” ransomware attack, keeping medical staff from accessing patient records and forcing ambulances to be rerouted to other hospitals. Considered to be one of the largest medical cyberattacks in US history, the ransomware attack disrupted healthcare services for thousands of patients across dozens of facilities.
British pharmaceutical company AstraZeneca was targeted by alleged North Korea-backed hackers in November 2020. Attempting to steal information about the company’s COVID-19 vaccine, the hackers used a sophisticated phishing campaign to access AstraZeneca staffs’ computers. Posing as LinkedIn and WhatsApp job recruiters, the hackers lured targeted staff members with fabricated job opportunities to have them provide personal information and download malware. Even though the state-sponsored hackers went to extreme lengths to gain vaccine information, it is believed the campaign was not successful.
IBM and the US Cybersecurity and Infrastructure Security Agency discovered cyberattacks against organizations linked to the COVID-19 vaccine distribution chain. Looking to steal information about the vaccine refrigeration process, the hackers launched a phishing campaign against organizations involved with the Cold Chain Equipment Optimization Platform (CCEOP) of Gavi, including UNICEF, the World Health Organization, and the Bill & Melinda Gates Foundation. Although the hackers have not been identified, IBM stated their tactics indicated they were likely backed by a nation-state.
In December 2020, The European Medicines Agency (EMA), responsible for evaluating and supervising medicinal products, stated it had been a cyberattack victim. The agency revealed hackers had gained access to BioNTech/Pfizer’s COVID-19 vaccine submission documents. The cyberattack did not impact the agency’s vaccine review process, but the stolen data was altered and leaked online in an attempt to undermine public trust in the EMA’s vaccine approval procedures. Although the high-profile cyberattack has no attribution yet, it did raise awareness about criminal and state-sponsored hackers’ dangerous attempts to obtain and distort the latest data about the pandemic.
In 2021, a malicious cyber operation was launched against Bharat Biotech and Serum Institute of India (SII), the world’s largest vaccine maker. Cyber intelligence firm Cyfirma identified China-backed threat actor group APT10, also known as Stone Panda, as the perpetrator, finding that the group used computer system vulnerabilities to gain access to both organizations’ COVID-19 vaccine data. Unfortunately, this hack is only a drop in the bucket when it comes to the onslaught of cyberattacks against India’s healthcare industry in 2020. According to Check Point Research, there was a 37% increase in cyberattacks, including criminally-motivated attacks, against healthcare organizations in India during November 2020 and December 2020 alone.
Our hospitals and healthcare organizations should not be fighting a global pandemic with one hand while defending against sophisticated cyberattacks with the other. Our world leaders need to establish cyber rules and norms that prevent these disturbing attacks from happening, and we need to hold them accountable until they do so. So, digital citizens, keep fighting for digital peace because when it comes to cyberattacks against healthcare, your efforts could save lives.