COVID, Healthcare Data & the Dark Web: A Toxic Stew

The growing treasure trove of healthcare data is proving irresistible -- and profitable -- to bad actors.

Greg Foss, Senior Cybersecurity Strategist, VMware Security Business Unit

March 17, 2021

5 Min Read
Dark Reading logo in a gray background | Dark Reading

As COVID-19 enters a new phase with vaccine rollouts, the amount of protected health information data being sold on the Dark Web has massively increased. Personal records such as COVID-19 test results and vaccine notifications are now available in large quantities, making the vaccine rollout a prime target for cybercriminals today.

We recently saw that documents accessed in the European regulator's systems were manipulated before being leaked on the Dark Web, creating concerns about ways they might be leveraged in the future. And given the track record of cybercriminals amid the pandemic, this is likely only the beginning.

Not only are healthcare organizations at risk, but researchers have already detected threats targeting individuals looking to access the vaccine, and even that personal data is being sold on the Dark Web. As the vaccine rolls out to the masses, and more personal data increases in value, we can expect cybercriminals to seize the opportunity to profit. 

According to recent data, an estimated 239.4 million attempted cyberattacks targeted VMware Carbon Black healthcare customers in 2020 alone. We also found an average of 816 attempted attacks per endpoint in 2020, representing a staggering 9,851% increase from 2019. In order to stop these threats from targeting healthcare organizations, and especially the deployment of the much anticipated vaccine, we all need to be educated on the types of threats that exist, and the steps we can take to protect ourselves and others from cyberattacks. 

Supply Chain Concerns Continue
Research has consistently shown that healthcare remains one of the most targeted and vulnerable industries to cyberattacks due to the sensitivity and value of the data it utilizes, as well as the difficulty of securing the disparate systems it uses. The increased focus on this sector by malicious actors due to the vaccine has only compounded this problem. Healthcare organizations have been tasked with the mammoth challenge of creating, distributing, and tracking the vaccine rollout in less than nine months.

In addition to looking for valuable data to sell on the Dark Web for monetary gain, we can also expect breaches to take a more destructive approach of targeting the coveted vaccine supply chain. This could ultimately result in delayed delivery of the vaccine to those who need it. 

Patients Are Not Safe From Personal Risks 
For individuals looking to get the vaccine, the cyber threats take on a different shape. We've already seen numerous attacks targeting those waiting for information about the timing and eligibility of the vaccine. These threats come in the form of watering hole attacks, where vulnerable consumers are duped by a phishing website, fake emails, or portals. Once on these sites, consumers are prompted to enter sensitive data in hopes they're one step closer to getting their vaccine. However, that personal information is then delivered directly to hackers. From there, the hackers take the data and sell it on Dark Web forums, offering broad promises from account breaches to identity theft to the highest bidder on the Web. 

I came across one example of these watering hole attacks recently from a security researcher on Twitter. The fake website, targeting consumers in Turkey, directs people to download an application to apply for their spot in line for the vaccine. In reality, consumers are downloading a popular banking Trojan known as Cerberus, which is then used to steal valuable data from their mobile device. 

Striving for Cyber Immunity
When the threats outlined above come together between healthcare organizations and patients, they present serious and potentially destructive consequences for the effectiveness of vaccine distribution. Not only is the rollout disrupted, but a loss in public trust due to breaches and continued threats needs to be avoided. There is a slew of misinformation online about the effectiveness of vaccines and the potential harm they can cause, but as we all strive to get back to some sort of normalcy, we can't risk letting that misleading information get in the hands of vulnerable consumers. I'd advise healthcare organizations to take the following precautions:  

  • Implement physical security controls and auditing around the vaccine storage solution.

  • Educate healthcare staff on the various cybersecurity risks related to their job.

  • Ensure the latest system and software patches are installed.

  • Implement and enforce multifactor authentication for all Internet-accessible services.

  • Log and monitor the usage of information systems, especially the access to sensitive data.

  • Conduct regular risk assessments and perform proactive threat hunting.

  • Use off-site data backup and test recovery periodically.

The sharp rise in attacks during the pandemic has left local governments and the hospital industry asking for increased federal help. The Department of Homeland Security unveiled $25 million in cybersecurity grants to put cybersecurity at the top of the government's agenda as a part of a larger security initiative, which is a great step in the right direction. Implementing safe cybersecurity hygiene to mitigate a digital pandemic and ensuring that the vaccine rollout goes smoothly and securely is critical.

When it comes to cybersecurity, vigilance is key. For both healthcare organizations and consumers awaiting the vaccine, stay alert and be proactive as your reputation and digital health, respectively, depend on it.

About the Author

Greg Foss

Senior Cybersecurity Strategist, VMware Security Business Unit

Greg Foss is a Senior Cybersecurity Strategist within VMware's Security Business Unit where he focuses on detection engineering, security efficacy, and bypasses across the diverse product line. Greg is a very active member of the Denver information security community and he loves to give back and support the industry.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights