Canada's health sector at risk of cyberattacks as COVID-19 fear spreads: CSE

Canadian health agencies face an elevated risk of cyberattacks as criminals try to take advantage of global anxiety over the COVID-19 pandemic, according to Canada's foreign signals intelligence agency.

Sophisticated threat actors could target medical research groups, says intelligence agency

A person types at a keyboard
Canadian health organizations are at a higher risk of cyberattacks as criminals try to take advantage of the fear triggered by the novel coronavirus pandemic. (Trevor Brine/CBC)

Canada's health sector faces an elevated risk of cyberattacks and intellectual property theft as criminals and state actors try to exploit global anxiety over the COVID-19 pandemic, according to Canada's foreign signals intelligence agency.

The Communications Security Establishment issued an alert today warning that health organizations involved in the national response to COVID-19 face an "elevated level of risk" of cyber security incidents.

"There's a lot of unscrupulous actors out there in the criminal area, as well as states, but I would say mostly criminals who are going to look to take advantage of anybody where they think they can make a buck here," Scott Jones, head of the CSE's Canadian Centre for Cyber Security, told CBC News.

"They don't operate by the same ethics that the rest of us do."

The CSE says sophisticated threat actors could target Canadian medical research labs working on vaccines or other remedies through manipulation or spear-phishing campaigns, or by going after critical vulnerabilities as more housebound employees connect with their workplaces through VPNs (virtual private networks).

Jones said intellectual property theft — through stealing or corrupting data generated by Canadian researchers — is a "lower probability" threat but one that would be "very high impact."

"We're saying, 'OK this is a time to maintain vigilance, because you will be targeted,'" he said

Ransomware attacks could rise 

Criminals might also try to take advantage of the heavy pressure being placed on Canadian health organizations in order to extract ransom payments, said Jones.

"They're extremely busy and so that that means your defences are going to be a little bit lower, you're going to click more willingly," he said.

Scott Jones, head of the Canadian Centre for Cyber Security, says laboratories working on the response to coronavirus need to be extra vigilant. (Justin Tang/Canadian Press)

Jones said there have been no specific attacks on Canada's health sector, but there have been incidents elsewhere in the world.

Over the weekend, the U.S. Health and Human Services Department reported a cyberattack on its system. People familiar with the incident called it a disinformation campaign aimed at disrupting the United States' response to the pandemic — and suggested it might have been the work of a foreign actor.

Successful attack would be 'bedlam:' threat analyst 

The CSE's warning says the impact of a ransomware incident on Canadian organizations involved in supporting Canada's response to COVID-19 could be more severe because of the pandemic.

Brett Callow, a threat analyst for the cyber security firm Emsisoft, said a successful cyber hit on a health organization could be "bedlam."

"The health care system is already going to be stretched to its limits and a cyberattack during this crisis could tip the balance and result potentially in a significant loss of lives," he said. He said his company is offering ransomware decryption and negotiation services for free to healthcare providers during the pandemic, and is asking other firms to pitch in.

"The number of attacks against health care providers over the last 18 months would indicate that their systems aren't as secure as they could be," Callow said.

The CSE alert says organizations connected to COVID-19 response should increase their monitoring of network logs, remind employees to practice phishing awareness and ensure that servers and critical systems are updated.

"During a crisis time, you start to minimize changes — which means you aren't applying patches, you aren't maybe doing all the things that are normal, good cyber-hygiene because you're trying to keep your system stable so you can continue working," said Jones.

Add some “good” to your morning and evening.

A variety of newsletters you'll love, delivered straight to you.

Sign up now