While our nation’s healthcare facilities, government agencies, and businesses are contending the COVID-19 pandemic, ruthless hackers and scammers, are looking for vulnerabilities and hoping to take advantage of an already bad situation. They’re scoping out organizations that have inadvertently, to some extent, let their guard down during this unprecedented time, particularly in the area of IT and cybersecurity. And, they’re hoping to reap the benefits, especially cash.
As reported by The Hill, major agencies including the Department of Health and Human Services (HHS) and the World Health Organization (WHO) have been targeted by hackers in unsuccessful but ongoing attacks.
Further, health agency websites have been targeted by ransomware attacks, including the website of the Champaign-Urbana Public Health District in Illinois. It serves the needs of approximately 200,000 people. According to The Hill, the agency’s website was offline for several days while experts struggled to bring it back up, significantly limiting the ability of health officials to communicate with the public.
Long before COVID-19, cyberattacks (particularly ransomware) were steadily on the rise. Take the City of New Orleans, Louisiana, for example. A cyber attack in December 2019 actually forced Mayor LaToya Cantrell to declare a state of emergency. And, believe it or not, that was the third cyber attack in a single year. The first occurred in July 2019 when school district computers had to be taken offline; the second took place in November 2019 when state government websites and other digital services had to be deactivated.
And, Louisiana clearly wasn’t alone. According to the lab report, “The State of Ransomware in the US: Report and Statistics 2019,” published by Emisoft Malwar Lab, Inc., at least 948 government agencies, educational organizations, and healthcare providers were victims of ransomware attacks in the U.S. in 2019. Of greater concern, the report states that the “unprecedented and unrelenting barrage of ransomware attacks attributed to more than $7.5 billion in losses.” The following few headlines support the lab’s findings:
- 22 Texas Towns Hit With Ransomware Attack In ‘New Front’ Of Cyberassault
- Hackers Are Holding Baltimore Hostage: How They Struck and What’s Next
- Hit by Ransomware Attack, Florida City Agrees to Pay Hackers $600,000
- Second Florida city pays giant ransom to ransomware gang in a week
- Mississippi City Operations Disrupted By Ransomware
- 3 Alabama Hospitals Pay Hackers Ransom to Restore System
- California Provider to Close After Ransomware Attack Damages System
- Hackers Demand $1M in Grays Harbor Ransomware Attack
If you think such attacks can’t (or won’t) happen to your healthcare facility, government agency, or business, especially now, think again. Hackers and scammers are always on the lookout for the chance to do their dirty work. And, the COVID-19 pandemic, which has obviously preoccupied us all, is the perfect opportunity for them to take advantage.
As a reminder, mitigation and preparedness are key to preventing, addressing, and overcoming cybersecurity events. Take the usual precautions of using the latest antivirus/antispyware software available, and keeping applications and operating systems current. Also, adopt a formal internet use and email policy, and train employees in basic cybersecurity principles. Last, but certainly not least, have a plan of action just in case your organization becomes the next victim of a cyberattack.
With 10,000+ plans under its belt, BOLDplanning is the preeminent developer of online software for Emergency Operations (EOP) plans, Continuity of Operations (COOP) plans, and Hazard Mitigation plans. The company’s team of experts is also well-versed in facilitating HSEEP-compliant exercises to help ensure organizational preparedness for cyberattacks, natural disasters, and other disruptions.
