
Vulnerabilities / Threats

Greg Foss

COVID, Healthcare Data & the Dark Web: A Toxic Stew

The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.

As COVID-19 enters a new phase with vaccine rollouts, the amount of protected health information being sold on the Dark Web has increased massively. Personal records such as COVID-19 test results and vaccine notifications are now available in large quantities, making the vaccine rollout a prime target for cybercriminals today.

We recently saw that documents accessed in the European regulator's systems were manipulated before being leaked on the Dark Web, creating concerns about ways they might be leveraged in the future. And given the track record of cybercriminals amid the pandemic, this is likely only the beginning.


Not only are healthcare organizations at risk, but researchers have already detected threats targeting individuals looking to access the vaccine, and even that personal data is being sold on the Dark Web. As the vaccine rolls out to the masses, and more personal data increases in value, we can expect cybercriminals to seize the opportunity to profit. 

According to recent data, an estimated 239.4 million attempted cyberattacks targeted VMware Carbon Black healthcare customers in 2020 alone. We also found an average of 816 attempted attacks per endpoint in 2020, representing a staggering 9,851% increase from 2019. In order to stop these threats from targeting healthcare organizations, and especially the deployment of the much anticipated vaccine, we all need to be educated on the types of threats that exist, and the steps we can take to protect ourselves and others from cyberattacks. 

Supply Chain Concerns Continue
Research has consistently shown that healthcare remains one of the industries most targeted by, and most vulnerable to, cyberattacks, because of the sensitivity and value of the data it handles and the difficulty of securing the disparate systems it uses. The increased focus on this sector by malicious actors because of the vaccine has only compounded the problem. Healthcare organizations have been tasked with the mammoth challenge of creating, distributing, and tracking the vaccine rollout in less than nine months.

In addition to looking for valuable data to sell on the Dark Web for monetary gain, we can also expect breaches to take a more destructive approach of targeting the coveted vaccine supply chain. This could ultimately result in delayed delivery of the vaccine to those who need it. 

Patients Are Not Safe From Personal Risks 
For individuals looking to get the vaccine, the cyber threats take on a different shape. We've already seen numerous attacks targeting those waiting for information about the timing and eligibility of the vaccine. These threats come in the form of watering hole attacks, where vulnerable consumers are duped by a phishing website, fake emails, or portals. Once on these sites, consumers are prompted to enter sensitive data in hopes they're one step closer to getting their vaccine. However, that personal information is then delivered directly to hackers. From there, the hackers take the data and sell it on Dark Web forums, offering broad promises from account breaches to identity theft to the highest bidder on the Web. 

I came across one example of these watering hole attacks recently from a security researcher on Twitter. The fake website, targeting consumers in Turkey, directs people to download an application to apply for their spot in line for the vaccine. In reality, consumers are downloading a popular banking Trojan known as Cerberus, which is then used to steal valuable data from their mobile device. 

Striving for Cyber Immunity
When the threats outlined above come together between healthcare organizations and patients, they present serious and potentially destructive consequences for the effectiveness of vaccine distribution. Beyond the disruption to the rollout itself, breaches and continued threats risk a loss of public trust that must be avoided. There is a slew of misinformation online about the effectiveness of vaccines and the potential harm they can cause, but as we all strive to get back to some sort of normalcy, we can't risk letting that misleading information get into the hands of vulnerable consumers. I'd advise healthcare organizations to take the following precautions:

  • Implement physical security controls and auditing around the vaccine storage solution.
  • Educate healthcare staff on the various cybersecurity risks related to their job.
  • Ensure the latest system and software patches are installed.
  • Implement and enforce multifactor authentication for all Internet-accessible services.
  • Log and monitor the usage of information systems, especially the access to sensitive data.
  • Conduct regular risk assessments and perform proactive threat hunting.
  • Use off-site data backup and test recovery periodically.
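The fourth and fifth precautions (multifactor authentication on Internet-facing services and monitoring of access to sensitive data) are the two that translate most directly into detection logic. The following is an added example, not code from the article or from VMware Carbon Black: a small audit-log analyzer that reads a constructed, JSON-per-line record-access log and flags two conditions a healthcare SOC would care about, bulk access to many distinct patient records by one account inside a short window (a common signature of data staging before exfiltration) and any record access from a session that never completed MFA. The log format, field names (`user`, `patient_id`, `mfa`), the one-hour window and the threshold of five records are all assumptions chosen for illustration; real thresholds should be tuned per role.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit log (one JSON object per line). The field names and
# every value here are made up for this example; they are not real patient data.
SAMPLE_LOG = """\
{"ts": "2021-02-01T09:00:00", "user": "nurse.a", "patient_id": "P-1001", "action": "view", "mfa": true}
{"ts": "2021-02-01T09:20:00", "user": "nurse.a", "patient_id": "P-1002", "action": "view", "mfa": true}
{"ts": "2021-02-01T09:45:00", "user": "nurse.a", "patient_id": "P-1001", "action": "update", "mfa": true}
{"ts": "2021-02-01T10:05:00", "user": "dr.b", "patient_id": "P-2001", "action": "view", "mfa": true}
{"ts": "2021-02-01T10:07:00", "user": "dr.b", "patient_id": "P-2002", "action": "view", "mfa": false}
{"ts": "2021-02-01T22:00:00", "user": "contractor.c", "patient_id": "P-3001", "action": "export", "mfa": true}
{"ts": "2021-02-01T22:01:00", "user": "contractor.c", "patient_id": "P-3002", "action": "export", "mfa": true}
{"ts": "2021-02-01T22:02:00", "user": "contractor.c", "patient_id": "P-3003", "action": "export", "mfa": true}
{"ts": "2021-02-01T22:03:00", "user": "contractor.c", "patient_id": "P-3004", "action": "export", "mfa": true}
{"ts": "2021-02-01T22:04:00", "user": "contractor.c", "patient_id": "P-3005", "action": "export", "mfa": true}
{"ts": "2021-02-01T22:05:00", "user": "contractor.c", "patient_id": "P-3006", "action": "export", "mfa": true}
{"ts": "2021-02-02T08:00:00", "user": "contractor.c", "patient_id": "P-3007", "action": "view", "mfa": true}
"""

# Assumed detection parameters: distinct patient records one account may touch
# within a sliding window before it is worth an analyst's attention.
BULK_ACCESS_THRESHOLD = 5
WINDOW = timedelta(hours=1)


def parse_log(text):
    """Parse JSON-per-line audit records, converting timestamps to datetime."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events


def find_bulk_access(events, threshold=BULK_ACCESS_THRESHOLD, window=WINDOW):
    """Return {user: peak distinct patients in any window} for users at or above threshold.

    Uses a two-pointer sliding window over each user's time-sorted events, so an
    account that touches many records quickly is caught even if its daily total
    looks ordinary.
    """
    by_user = defaultdict(list)
    for e in events:
        by_user[e["user"]].append(e)

    flagged = {}
    for user, evs in by_user.items():
        evs.sort(key=lambda e: e["ts"])
        peak = 0
        start = 0
        for end in range(len(evs)):
            # Advance the window start until it spans at most `window`.
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            distinct = len({e["patient_id"] for e in evs[start:end + 1]})
            peak = max(peak, distinct)
        if peak >= threshold:
            flagged[user] = peak
    return flagged


def find_non_mfa_access(events):
    """Return record accesses whose session did not complete multifactor authentication."""
    return [e for e in events if not e.get("mfa", False)]


def build_alerts(events):
    """Combine both checks into a list of human-readable alert strings."""
    alerts = []
    for user, peak in sorted(find_bulk_access(events).items()):
        alerts.append(f"BULK_ACCESS user={user} distinct_patients={peak} window={WINDOW}")
    for e in find_non_mfa_access(events):
        alerts.append(f"NO_MFA user={e['user']} patient={e['patient_id']} at={e['ts'].isoformat()}")
    return alerts


if __name__ == "__main__":
    for alert in build_alerts(parse_log(SAMPLE_LOG)):
        print(alert)
```

Run against the constructed log, `contractor.c` is flagged for exporting six distinct records in five minutes, and `dr.b`'s second access is flagged because its session lacked MFA; the routine nurse activity produces nothing. In a real deployment the same two checks would be fed from the EHR's audit trail and the identity provider's sign-in log rather than from an inline string.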

The sharp rise in attacks during the pandemic has left local governments and the hospital industry asking for increased federal help. The Department of Homeland Security unveiled $25 million in cybersecurity grants to put cybersecurity at the top of the government's agenda as a part of a larger security initiative, which is a great step in the right direction. Implementing safe cybersecurity hygiene to mitigate a digital pandemic and ensuring that the vaccine rollout goes smoothly and securely is critical.

When it comes to cybersecurity, vigilance is key. For both healthcare organizations and consumers awaiting the vaccine, stay alert and be proactive as your reputation and digital health, respectively, depend on it.

Greg Foss is a Senior Cybersecurity Strategist within VMware's Security Business Unit where he focuses on detection engineering, security efficacy, and bypasses across the diverse product line. Greg is a very active member of the Denver information security community and he ...
