The World Healthcare Organisation has had to contend with another enemy beyond the COVID-19 virus in the form of cyber attacks and phishing attempts, with the WHO reporting a five-fold increase in the number of cyber attacks compared to the period before the pandemic.
As of April 23, some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response.
The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system, used by current and retired staff as well as partners. One of the most prevalent types of attack has come in the form of scammers impersonating the WHO in emails, who then target the general public in order to channel donations to a fictitious fund and not the authentic COVID-19 Solidarity Response Fund. The WHO is now migrating affected systems to a more secure authentication system.
“Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together,” said Bernardo Mariano, WHO’s Chief Information Officer.
The WHO is working with the private sector to establish more robust internal systems and to strengthen security measures, as well as educating staff on cybersecurity risks. The Organisation requests that the public to remain vigilant against fraudulent emails, and recommends the use of reliable sources to obtain factual information about COVID-19 and other health issues.
According to WHO officials and US intelligence agency spokespeople, it is possible, although at this time not confirmed, that some of the attackers may have links to the intelligence authorities of Iran. This would certainly be in line with governments hostile to the West taking advantage of the ongoing crisis in order to pilfer information and cause chaos amongst companies and institutions; the hacking of Zoom meetings and events has served as the most relevant (and prevalent) example of this.
In a world that has seen many businesses providing useful but non-essential services collapse, it is a poignant point that the need for cyber security in the modern age is greater than ever – no matter the circumstances of the world’s politics, economics or healthcare.