The COVID-19 pandemic has put many organizations—as well as many people—to the test. But if there is one group that has the respect and admiration of everyone because of the hard work they have done in recent months, it is healthcare workers, who have been on the front line, risking their lives to save other people.

However, in spite of all their efforts, this sector has not been exempt from other risks, such as the boom in cyberattacks caused by the COVID-19 pandemic. In fact, Antonio Grimaltos, head of IT security at the Department of Health in Valencia, spoke to Cytomic about the challenges that public administrations and the healthcare sector have to face when tackling these kinds of threats. Now, not only are these threats affecting healthcare workers and their systems, but they are also targeting their manufacturers and providers, since these organizations also handle much of the sensitive data that hospital staff also handle.

Weaknesses in SaaS programs_

Interserve is a British outsourcing company. It is one of the British Government’s strategic providers and maintains a range of public service spaces and facilities, from transport networks like the Underground, to schools and hospitals. What’s more, it was recently one of the organizations in charge of building the provisional Birmingham Nightingale hospital, which was fully dedicated to the coronavirus pandemic.

In May, an anonymous company source reported to The Telegraph that a group of cyberattackers had stolen information from its human resources database. The perpetrators reportedly had access to the information of as many as 100,000 people. Among the information was personal data such as names, payroll information, bank details, and details about pensions.  All this personal information could be highly valuable for cyberattackers, and dangerous for anyone affected, since it can be used for malicious purposes, such as:

  • Insurance fraud: Using the information contained in insurance policies to scam insurance companies.
  • Falsifying prescriptions: A way of illegally getting medication.
  • Individual extortion: Individually contacting victims and blackmailing them with the threat of revealing medical information.
  • For carrying out future cyberattacks: This information can also serve to perform future cyberattacks on the same system or be used to analyze the victims’ personal information to then use it in targeted social engineering attacks.

The statement issued by Interserve doesn’t go into details about how the cyberattackers were able to get their hands on the information, but some cybersecurity experts believe that the theft was facilitated by weaknesses in the access systems for applications and SaaS programs used by HR personnel.

Strong passwords, MFA, and data control_

These same experts believe that the key is that the passwords used to access these programs must meet certain minimum requirements, such as using uncommon words, making them sufficiently long, and using special characters. They also point out that strong passwords are not enough in and of themselves.

This is why they also highlight that multifactor authentication (MFA) should also be used as part of the login process. This access control method, which is already standard in many programs, only allows the user to log in when she has proven in two or more ways that she is who she claims to be. Aside from the initial password, this could include a token, a certificate, or a code sent by SMS to the user’s phone.

Nonetheless, large organizations, and especially those related to health, which have vast amounts of sensitive data in their medical records, should have the support of solutions that offer them control, management, and absolute protection for all the data on their endpoints. This is why Cytomic Data Watch was developed. It protects personal and sensitive data both in real time and throughout its lifecycle, both on endpoints and on servers. This way, information pertaining to people’s health is kept as safe as possible.