While the world is busy looking for ways to battle the coronavirus (COVID-19), cybercriminals are busy looking for ways to capitalize on our fear and uncertainty. Many of them appear to be especially interested in taking advantage of healthcare facilities, including practices like yours.
By exploiting vulnerabilities, cybercriminals are capable of hijacking your operations, extorting your business, and crippling your practice. In many cases, unfortunately, cybercriminals don’t have to work too hard to find your infrastructure’s weak spots.
According to The Human Factor 2019 Report by cybersecurity company Proofpoint, 99% of the threats they observe require at least some degree of human interaction to execute—whether it’s clicking a link, opening a file, opening a document, or entering credentials.
Cybercriminals take advantage of human vulnerability more than software vulnerability, which is why you must stay informed and updated on how they do what they do:
Phishing emails are the most popular means by which cybercriminals attack. They are emails claiming to be from legitimate organizations, but the goal is to deceive users into providing sensitive information such as usernames, passwords, and credit card information.
To capitalize on the Coronavirus outbreak, cybercriminals prey on people’s fear, panic, and desperation. Early in the year, for example, phishing emails made to look like COVID-19 alerts, health advice, and announcements from the Centers for Disease Control and Prevention (CDC) made the rounds in people’s inboxes. They contained malicious links and attachments that, when opened, could be used to infect and lock the users’ computers.
So what can you do? The FBI Internet Crime Complaint Center (IC3) advises everyone to be wary of emails, apps, and websites that claim to offer information about COVID-19. Do not open the links or attachments they contain. Note that government agencies do not send out unsolicited emails asking for money or private information from you. If you’re unsure of the legitimacy of some emails, it’s best to contact a certified IT expert.
Malicious Tools and Apps
Cybercriminals know how people think and how they’re likely to respond to stressful times. This information allows those criminals to know which tools and techniques to use to get their plans going. During crises, many people are so hungry for updates and information that they become susceptible to malicious lures disguised as useful tools or applications.
For example, Android phone apps claiming to provide statistical and tracking information about the COVID-19 outbreak have been popping up all over the US. Unfortunately, when downloaded, these apps can either implant malware or illegally access your phone’s camera, microphone, and messages.
So what can you do? Of course, you first need to ensure that no sensitive patient data can be found on your mobile phone. They must be securely stored in a HIPAA-compliant environment.
Don’t install pirated or fake apps. You should also avoid sideloading or downloading apps that are outside Google’s official Play Store. If you need to, then make sure the app that you’re sideloading is from a source you trust.
Distributed Denial-of-Service (DDoS) Attacks
A distributed denial-of-service (DDoS) attack is the act of overwhelming an online service with traffic from several compromised sources in order to render the service unavailable to legitimate users.
On March 15th, the US Department of Health and Human Services (HHS) website itself became a target of a DDoS attack designed to slow or shut down the agency’s servers. Fortunately, the incident appears to have been unsuccessful and no full breach took place.
While motives for DDoS attacks can vary from one incident to another, these are likely to trigger panic and cause disruption, especially in the middle of a startling pandemic.
So what can you do? There are different types of DDoS attacks, which means that the ways by which they are prevented or mitigated can vary as well. You can start by ensuring a defense strategy and response plan are in place so you know exactly what to do once disaster strikes.
On an individual user’s level, using strong, complex passwords that are regularly changed can go a long way as a countermeasure for a DDoS attack.
Don’t Let Cybercriminals In
We are in the middle of a global coronavirus pandemic, and the last thing your practice needs right now is a threat to your data, IT infrastructure, and business operations. Unfortunately, preying on the vulnerability of healthcare facilities is exactly what many cybercriminals have in mind these days.
Keep cybercriminals from taking advantage of human vulnerability by staying informed, vigilant, and prepared for their moves. Keep them from taking advantage of software vulnerability by making sure your network is equipped with the most essential safeguards.
MG Hosting Services is a company dedicated to protecting the healthcare industry from the growing threats of cyber attacks and data theft. A practice’s first line of defense against cybercriminals, they are highly trained IT specialists and cloud engineers ready to serve the technical needs of healthcare professionals 24/7. With offsite data storage, military-grade data encryption, and full remote work support, they can prepare practices for anything that comes next. Learn more on their website, and find more posts like this one on their company blog.