On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk during the COVID-19 crisis, as threat actors are using the pandemic to take advantage of vulnerabilities while hospitals are focused on responding to the crisis.
According to Microsoft, “[D]uring this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare.”
Microsoft’s scanning resources previously identified dozens of health care organizations that were at risk, notified them and provided them with resources addressing how to reduce the risk of a ransomware attack or credential theft during this time.
According to Microsoft, “[A]s part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.”
Microsoft advises that ransomware is a particular threat to hospitals at this time, and that a successful ransomware attack could create chaos if providers are unable to access electronic medical records of patients while treating them, especially in intensive care units. The Microsoft warning noted that “the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems. Attackers have also been observed using the updater features of VPN clients to deploy malware payloads.”
Microsoft’s alert sets forth important details of what hospital information technology personnel should be looking for and focusing on to minimize this critical risk. Microsoft’s suggestions can be accessed here.