Advertisement

All hands on deck: Infosec volunteers to protect medical organizations during COVID-19 crisis

By day, they are cybersecurity professionals at well-known companies. By night, they are working to protect health organizations from hackers.
COVID-19 cybersecurity
The Health Information Sharing and Analysis Center (H-ISAC), whose members include big health care providers, has already received threat alerts from the volunteer group. (Getty Images)

Hackers crossed a line last week when they struck the computer network of the Czech Republic’s second largest hospital as it was testing people for the novel coronavirus.

Former White House and British intelligence officials condemned the cyberattack. It is the sort of digital depravity that U.S. prosecutors have vowed to crack down on during the COVID-19 pandemic.

It was also a tipping point for Ohad Zaidenberg, an Israel-based cyberthreat researcher. “If anyone is sick enough to use this global crisis to conduct cyberattacks, we need to try to stop them,” he said.

And so Zaidenberg stepped up his effort to assemble an ad-hoc group of malware hunters to gather data on COVID-19-related hacking.

Advertisement

By day, they are cybersecurity professionals at well-known companies in Israel, Europe, and North America. By night, they are sending threat data to health organizations and those in other sectors strained by the pandemic.

It’s still a nascent project: there are about 70 people in the group, and Zaidenberg wants to expand it to cybersecurity specialists from all parts of the world. Others are following suit: Joshua Saxe, chief scientist at antivirus firm Sophos, started a similar initiative on Wednesday.

Zaidenberg is one of many cybersecurity hands trying to help out in a time of need. The pandemic is also prompting anti-ransomware experts to do pro bono work.

Cybersecurity companies Coveware and Emsisoft announced this week that they would offer free ransomware recovery services to any hospital or health care organization dealing with COVID-19. They also appealed to ransomware gangs: Stand down, because your family might need treatment for the respiratory disease, too.

Threat intel for those who need it

Advertisement

The Health Information Sharing and Analysis Center (H-ISAC), whose members include big health care providers, has already received threat alerts from Zaidenberg’s volunteer group. Nate Warfield, a security specialist at Microsoft working with Zaidenberg, said he has sent data on a software vulnerability affecting three dozen medical organizations to the H-ISAC.

H-ISAC has in turn been sending its members regular alerts on COVID-19-related scams, which have included a surge in phishing activity against a variety of sectors. The threat-sharing hub is also looking to provide more free cybersecurity tools to members, said H-ISAC chief security officer, Errol Weiss.

“In times like this, we really want organizations to focus on securing their own environments,” Weiss said, adding that the free cybersecurity tools can “help secure a lot of organizations that don’t necessarily have the resources to do that.”

Health industry associations say they are in close touch with federal officials on COVID-19-related hacking threats.

“We are in high-tempo interaction with HHS, DHS and FDA as questions come in about things like what types of organizations are essential for COVID-19 response that might have a higher susceptibility to cyberattacks,” said Greg Garcia, executive director for cybersecurity at the Health Sector Coordinating Council.

Advertisement

The more that volunteer groups can feed their data into those discussions, the more effective cyberdefenses will be against the next miscreant who tries to exploit the pandemic.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts