Hospital executives, including chief information security officers, are working day and night to keep staff safe and update operations to combat the COVID-19 pandemic.
Here are five things for CISOs to know:
1. Hackers posted nearly 25,000 email addresses and passwords belonging to the National Institutes of Health, World Health Organization, Gates Foundation and others working to fight the COVID-19 pandemic. Various hate groups published the information to online messaging boards and lists, including Twitter, 4chan and Pastebin.
2. Apple iPhones contain a flaw in the email software that makes the devices more vulnerable to cyber hackers. Because of the flaw, hackers can send an email that triggers a bug when the iPhone user downloads the message; there had been six attacks through the email vulnerability as of April 22. Recognizing the escalated number of email phishing attempts targeting U.S.-based healthcare providers, the FBI released tips for cybersecurity professionals and hospital administrators to protect their organizations from cyber threats during the pandemic. The recommendations include installing software patches and turning off automatic download attachment options on email accounts.
3. Google said it blocks 18 million daily malware and phishing emails related to COVID-19 scams. The phishing attacks and scams Google reported included impersonating government organizations such as the WHO to solicit fraudulent donations or distribute malware. The tech giant's Threat Analysis Group on April 22 also reported that more than a dozen attackers backed by foreign governments are using COVID-19-themed emails for phishing and malware attempts.
4. Microsoft and Imprivata are teaming up on new digital identity projects to help healthcare organizations transition to the cloud, which will enhance security and compliance requirements. Since forming in mid-March, nonprofit cybersecurity defense group CTI League, which aims to eliminate hospital cybersecurity threats, said it has struck down more than 2,800 cybercriminal assets on the internet and identified 2,000 security vulnerabilities in healthcare organizations.
5. A federal judge on April 21 approved an $8.9 million settlement to end claims from a 2016 Phoenix-based Banner Health data breach that exposed personal information of 2.9 million patients. The settlement will pay $500 to each patient who is covered by the class action and up to $2.9 million to the plaintiffs' attorneys.