Security agencies from the United States and the United Kingdom are warning healthcare policymakers and researchers to be on the lookout for cybersecurity threat campaigns amid the COVID-19 response.
Officials representing the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the U.K.’s National Cyber Security Centre (NCSC) said they have seen large-scale password spraying campaigns against healthcare bodies and medical research organizations.
Password spraying is described as an attempt to access a large number of accounts using commonly known passwords.
The entities are advising healthcare groups to change any passwords that could be reasonably guessed to those created with three random words while implementing two-factor authentication to reduce the threat of compromises.
“CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to COVID-19.
“The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organizations, specifically during this time as healthcare organizations are working at maximum capacity,” Bryan Ware, CISA assistant director of Cybersecurity, said. “CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to COVID-19.”
The targeting of national and international healthcare bodies, pharmaceutical companies, and research organizations has been identified, per the security organizations, to gather information related to the coronavirus outbreak.