Cyberattacks Increase in the Time of COVID-19

By Justin Armstrong, Chair, and Nam Nguyen, Vice Chair
EHRA Privacy & Security Workgroup

For COVID-19 resources for health IT developers and other stakeholders, click here.

As part of National Cybersecurity Awareness Month, EHRA is highlighting three alarming cyberattack trends that have emerged since the beginning of the COVID-19 pandemic and that health organizations should pay special attention to:

  1. Increases in COVID-19 themed cyberattacks
  2. Increased risk of exploitation with more employees working from home
  3. Increase in targeting of COVID-19 research and vaccine development

Increase in COVID-19 Themed Cyberattacks (phishing emails)

An Interpol report from early this year states that in “one four-month period (January to April) some 907,000 spam messages, 737 incidents related to malware and 48,000 malicious URLs – all related to COVID-19 – were detected by one of INTERPOL’s private sector partners.”

The report further projected that “Business Email Compromise schemes will also likely surge due to the economic downturn and shift in the business landscape, generating new opportunities for criminal activities,” and that “threat actors are likely to continue proliferating coronavirus-themed online scams and phishing campaigns to leverage public concern about the pandemic.” It also warned that “when a COVID-19 vaccination is available, it is highly probable that there will be another spike in phishing related to these medical products as well as network intrusion and cyberattacks to steal data.”

  1. Refresh yourself and your team on how to recognize and avoid phishing emails
  2. Educate employees on COVID-19 specific phishing tactics

Increased Risk of Exploitation with More Employees Working From Home

Cybercriminals are taking advantage of more employees working outside of the office in potentially less secure environments. Many forget that the security controls and protocols put in place in the office may not be in place in a home office or mobile setting. Interpol’s report predicted that “a further increase in cybercrime is highly likely in the near future. Vulnerabilities related to working from home and the potential for increased financial benefit will see cybercriminals continue to ramp up their activities and develop more advanced and sophisticated modi operandi.”

AMA published a guide, “Working from home during the pandemic,” to educate physicians about using home computers, tablets, phones, home wifi networks, and medical devices securely. 

Increased Targeting of COVID-19 Research and Vaccine Development

Cybercriminals have increasingly targeted COVID-19 research and vaccine development in recent months. In June, the epidemiology and biostatistics department at the University of California at San Francisco was hit with a ransomware attack jeopardizing COVID-19 treatment and vaccine research and costing the organization $1.14 million. Bloomberg Businessweek details the full account in their article, “How Hackers Bled 118 Bitcoins out of Covid Researchers in U.S.”

Just last month, a ransomware attack disrupted clinical trial company eResearchTechnology (ERT), affecting clients such as IQVIA, AstraZeneca and Bristol Myers Squibb.

“The ability for companies to quickly withstand this kind of attack is completely dependent on how good your IT is to begin with,” said Eric Perakslis, who has served as the FDA’s CIO and held senior IT positions at J&J and Takeda, and is now a Rubenstein Fellow at Duke University. Perakslis further notes that, “If your data is backed up every evening at 5pm, and you test it knowing it can all be restored by 8am the next morning, that’s basic IT hygiene.”

If you or your partners are in the business of COVID-19 research, be especially vigilant.

  1. Review your data backup strategy. The best defense against ransomware is to back up all your data frequently (daily). If your data is compromised by a ransomware attack, you can quickly switch to backup data and be up and running again. The more backup copies in different formats, the better.
  2. When possible, do not pay the ransom. Ransomware payments encourage and fund attackers; even when paid, there is no guarantee that access to files will be reinstated.

NEW: Be aware that facilitating ransomware payments may violate the regulations of the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC). If you are threatened by hackers, contact OFAC if there is reason to believe the cyber actor demanding ransomware payment may be sanctioned or otherwise has a sanctions nexus.

Read EHRA’s previous blogs about privacy and security issues here

