The cyber break-in at the Department of Health and Human Services, reported on March 16, likely won’t be the last attempt we see of hackers trying to take advantage of the societal chaos around the COVID-19 coronavirus. Eric Bednash, a cybersecurity expert and the CEO of RackTop Systems said now more than ever is the time to make sure that your internet habits, not just your handwashing habits, are healthy.
“HHS got hacked, and we’re all trying to figure out what that means,” Bednash told Digital Trends. “But also, healthcare organizations were decimated last year.” Indeed, Yahoo reported that 90% of healthcare providers were hit by “email-borne” threats in 2019. Now, with the added pressure of the virus and the change of routine for everyone, hackers are likely to take more advantage of people. Already, reports have emerged of hackers posting as World Health Organization or Center for Disease Control officials in phishing attacks.
“If systems are already vulnerable, and the way of thinking is antiquated, and business and organizations don’t have proper protections in place to begin with, times like these will make us more vulnerable,” he said. “Whenever there’s a pandemic or a disaster, all of those things create added pressure, and extra opportunity for the bad guys.”
Bednash has been in cybersecurity for 17 years, and started out as a contractor with the National Security Agency, and helped designed some of the systems to protect US data systems after 9/11.
According to Bednash, a lot of the ways we think about cybersecurity are still very much stuck in the 90’s: People are still concerned with protecting networks, and stopping the bad guys from getting in in the first place, rather than accepting that bad guys are already everywhere, and that it’s the data that needs to be protected now, he said. “Pandemic aside, I don’t think we can continue to survive until we start to treat our most valuable asset — our data — as the most important thing,” he said.
When thinking about how to best protect oneself from opportunistic hackers during this uncertain time, what with a distributed workforce that might be working with insecure equipment or unencrypted networks, the best thing to do is pay as much attention as you can to links you click on, and the emails you get, Bednash said. Even a coronavirus tracker website could bring you down.
“Be extra diligent,” Bednash said, even as it might get harder to do so. “Everyone’s searching for ‘coronavirus tracker.’ Make sure you go to a reputable website. If you’re going to look up information on anything related to the pandemic, don’t click on links on your phone or computer that are not from well-known sources.”
It’s a wide-open question as to who could be targeted. Hackers will probably be looking to cast a wide net. “Right now, nobody knows what the fallout is going to be,” Bednash told Digital Trends. “In a couple of weeks, we’ll see how this all shakes out.”
- Coronavirus hospital capacity dashboard disappears from CDC website
- Trump’s CDC data policy won’t hurt your favorite coronavirus tracker
- Hackers are stepping up attacks on health care facilities and researchers
- U.K., U.S. say Russian hackers are trying to steal coronavirus research
- Interpol warns of ‘alarming’ rate of cyberattacks during pandemic