Advisory Overview
One of the Czech Republic’s biggest hospitals has been hit with a cyber-attack amid COVID-19 testing. Healthcare facilities, especially hospitals are advised to be on high alert. SKOUT recommends all organizations to be extra cautious during this time of crisis and understand that cyber attacks are likely to be on the rise.
Technical detail and additional information
What is the threat?
Brno University Hospital, the second largest hospital in the Czech Republic has been hit with a cyber-attack while dealing with COVID-19 outbreak. While the technical details of the breach have not been released, hospital officials have stated that staff were forced to shut down the entire IT network during the incident. The security breach has forced Brno hospital to cancel all surgical procedures and re-route patients to nearby hospitals. The U.S. Health and Human Services Department also reported an unsuccessful attack on their network.
Why is this noteworthy?
Brno Hospital is one of the Czech Republic’s largest hospitals and has been conducting testing for the coronavirus where there has been 117 infections confirmed. As per the hospital’s director, “gradually, the individual systems were falling, so all computers had to be shut down, We are able to investigate patients, but we are not yet able to store data. Patient care is maintained, and we are working to be able to store data for hours.”
Although the target was a hospital in this instance, all organizations are susceptible at a time with significant changes to your systems allowing remote workers combined with high emotions.
What is the exposure or risk?
While Healthcare workers and administrative staff are working diligently during this time of crisis, attackers are using this as an opportunity to exploit staff via phishing and malware attacks related to COVID-19. The campaigns vary in exact messaging, but many have impersonated the Government organizations, The World Health Organization or HR departments issuing warning.
What are the recommendations?
SKOUT recommends organizations to be extra cautious during this time of crisis and understand that cyber attacks will continue to be on the rise.
- Ensure that users have strong and complex passwords in place.
- Provide security awareness training to users to spot phishing emails.
- Utilize a strong next-gen endpoint protection that blocks malware such as SKOUT Endpoint Protection.
- Utilize email protection service that can spot malicious emails and attachment before users interact with it such as SKOUT Email Protection.
- Ensure users have the least amount of privileges on their accounts.
- Turn off macros in Microsoft Office. Documents that require macros should never be received through email.
- Use a trusted web proxy, this will typically block connections attempting to be made to malware command and control (CnC) servers.
- Make sure your system is kept up to date with the latest patches and updates.
If you are a target of phishing attempts, please report the email as soon as possible. SKOUT’s Security Operations Center is equipped to do in depth email analysis for our clients. We also have state of the art sandbox tools to analyze any file attachments in question.
References:
For more in-depth information about the recommendations, please visit the following links:
- https://www.zdnet.com/article/czech-hospital-hit-by-cyber-attack-while-in-the-midst-of-a-covid-19-outbreak/
- https://www.techradar.com/nz/news/coronavirus-hospital-suspends-activity-over-cyberattack
- https://www.praguemorning.cz/czech-republics-second-biggest-hospital-is-hit-by-cyberattack/
- https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response
If you have any questions, please contact our Security Operations Center.
