QCRI scientists caution against cyberattacks through Covid-19 themed websites

Joseph Varghese

Friday، 01 October 2021 08:29 PM

Cyberattacks are increasing during the Covid-19 as people are being lured to visit Covid-19-themed malicious domains, cautioned a scientist from Qatar Computing Research Institute ( QCRI) a Qatar Foundation entity.
“The Covid-19 pandemic has impacted profoundly every aspect of our society and in the cyber world, attackers quickly exploited the confusion, uncertainty, and anxiety caused by the pandemic, and launched various types of Covid-19-themed attacks," said, Dr Faisal Farooq, principal scientist, QCRI.
Malicious domains are a key component of many such attacks. People who are lured to visit such domains could have their credentials stolen, get infected by malware, or fall victim to scams, cautioned Dr Farooq, who pointed out that cyberattacks on healthcare systems are on the rise globally.
“Cybercriminals have launched complex and coordinated attacks from financial threats to those targeting privacy. The health sector has unique vulnerabilities, providing very large attack surfaces because of the number of diverse interacting entities, the fast adoption of the Internet of Things, and remote connectivity. Insider breaches and compromised credentials also pose very real threats, as different entities access electronic medical records, often with conflicting interests,” he noted.
According to the scientist, attacks against health systems are mainly motivated by financial goals while privacy and identity theft are also among the top motives.
He explained: “The health industry faces a new paradigm with the three main challenges: Privacy, medical device security and financial attacks against healthcare systems. To facilitate scientific research and collaboration, techniques have to be developed to enable data sharing while protecting an individual's privacy. Such research requires a deep understanding of the domain knowledge of healthcare, and close collaboration between security researchers and healthcare experts.”
“Compromises of medical devices impose significant risks to patients. They could also be entry points for attackers to penetrate the whole healthcare system. One challenge is supply chain security. The devices themselves may have vulnerabilities when shipped. Further, applications that are deployed as cloud-based services are expected to induce significant growth in the healthcare industry. Fast adoption of such systems without establishing the right technological measures to validate their security properties may cause significant damage,” he continued.
Dr Farooq maintained that while healthcare systems are increasingly connected to the internet, they are exposed to financial attacks, such as ransomware.
"Healthcare systems tend to have IT infrastructure which is not well maintained or is hard to patch as many systems are based on old Windows systems that are not supported officially anymore. This requires, on the one hand, continuous training of healthcare personnel to follow best cybersecurity practice, and on the other hand, processes for regularly cybersecurity evaluation,” he remarked.
Dr Issa Khalil, another principal scientist at QCRI, said that cyberattacks are especially concerning because these attacks can directly threaten not just the security of health systems but also the health and safety of patients.
“Some cyberattacks expose sensitive patient information and lead to substantial financial costs to regain control of hospital systems and patient data. From small, independent, practitioners to large, university hospital environments, cyberattacks on healthcare records, IT systems, and medical devices have infected even the most hardened systems. Hackers of all types have found numerous ways to make money from illegally obtained healthcare data,” he pointed out.
Cybersecurity must be the responsibility of every healthcare professional, from data entry specialists to physicians and board members. Importantly, patients also have the responsibility to safeguard their personal information and be vigilant when providing information electronically. Effective cybersecurity goes beyond privacy and reputation to control of patient data and healthcare systems and, ultimately, to providing safe, accurate, and uninterrupted treatment,” added Dr Khalil.

Add Comment

There are no comments.