Canada's health sector at risk of cyberattacks as COVID-19 fear spreads: CSE

Canada's health sector faces an elevated risk of cyberattacksand intellectual property theftas criminals and state actorstry to exploit global anxiety over the COVID-19 pandemic, according to Canada's foreign signals intelligence agency.

The Communications Security Establishment issued an alert today warning that health organizations involved in the national response to COVID-19 face an "elevated level of risk" ofcyber securityincidents.

"There's a lot of unscrupulous actors out there in the criminal area, as well as states, but I would say mostly criminals who are going to look to take advantage of anybody where they think they can make a buck here," Scott Jones, head of the CSE's Canadian Centre forCyberSecurity, toldCBC News.

"They don't operate by the same ethics that the rest of us do."

The CSEsays sophisticated threat actors could target Canadian medical research labsworking on vaccinesor other remedies through manipulation orspear-phishing campaigns, or by going after critical vulnerabilities as more houseboundemployees connect with their workplaces through VPNs(virtual private networks).

Jones said intellectual property theft through stealing or corrupting data generated byCanadian researchers is a"lower probability"threat but one that would be "very high impact."

"We're saying, 'OK this is a time to maintain vigilance, because you will be targeted,'" he said

Ransomware attacks could rise

Criminals might also try to take advantage of the heavy pressure being placed on Canadian health organizations in orderto extract ransom payments, said Jones.

"They're extremely busy and so that that means your defences are going to be a little bit lower, you're going to click more willingly," he said.

Jones said there have been no specific attacks on Canada's health sector,but there have been incidents elsewhere in the world.

Over the weekend, theU.S. Health and Human Services Department reporteda cyberattack on its system. People familiar with the incident called it a disinformationcampaign aimed at disruptingthe United States' response to thepandemic and suggested it might have been the work of a foreign actor.

Successful attack would be 'bedlam:' threat analyst

The CSE's warning says the impactof a ransomware incident on Canadian organizations involved in supporting Canada's response toCOVID-19 could be more severe because of the pandemic.

Brett Callow, athreat analyst for the cyber security firm Emsisoft, said a successful cyber hit on a health organization could be "bedlam."

"The health care system is already going to be stretched to its limits and a cyberattack during this crisis could tip the balance and result potentially in a significant loss of lives," he said. He said his company isoffering ransomware decryption and negotiation services for free to healthcare providers during the pandemic,and is asking other firms to pitch in.

"The number of attacks against health care providers over the last 18 months would indicate that their systems aren't as secure as they could be," Callow said.

The CSE alert says organizations connected to COVID-19 responseshouldincrease theirmonitoring of network logs, remindemployees to practice phishing awarenessand ensurethat servers and critical systems are updated.

"During a crisis time, you start to minimize changes which means you aren't applying patches, you aren't maybe doing all the things that are normal, good cyber-hygiene because you're trying to keep your system stable so you can continue working," said Jones.