Coronavirus: UK and US officials warn hospitals being hit by cyber attacks as they treat Covid-19 patients

Sign up to our free weekly IndyTech newsletter delivered straight to your inbox

Sign up to our free IndyTech newsletter

Please enter a valid email address

Please enter a valid email address

SIGN UP

I would like to be emailed about offers, events and updates from The Independent. Read our privacy policy

Cyber criminals are attacking healthcare and medical research organisations during the coronavirus outbreak, UK and US officials have warned.

The official cybersecurity agencies of both countries said they have seen an array of attacks on medical bodies, especially those that have been involved in the response to the pandemic.

The attacks appear to be attempting to take advantage of the difficulties in dealing with the outbreak and could undermine the response in both countires, officials warned.

The UK's National Cyber Security Centre (NCSC) and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory urging staff to change any passwords to one created using three random words, and to implement two-factor authentication on accounts to reduce the threat of compromises.

The agencies say they have seen a number of "password spraying" attacks, where hackers attempt to access a large number of accounts using commonly known passwords, targeting healthcare organisations and other medical groups.

The two bodies said they believe criminals were targeting such organisations in the hope of gathering information related to the coronavirus outbreak.

Paul Chichester, NCSC director of operations, said: "Protecting the healthcare sector is the NCSC's first and foremost priority at this time, and we're working closely with the NHS to keep their systems safe.

"By prioritising any requests for support from health organisations and remaining in close contact with industries involved in the coronavirus response, we can inform them of any malicious activity and take the necessary steps to help them defend against it.

"But we can't do this alone, and we recommend healthcare policymakers and researchers take our actionable steps to defend themselves from password-spraying campaigns."

Last month, the NCSC launched its Suspicious Email Reporting Service, following an increase in the number of Covid-19-related email scams, which allows the public to forward emails directly to the centre in order to report suspected scams.

In its first week, the NCSC said the service received more than 25,000 reports, which resulted in 395 scam websites being taken down.

Bryan Ware, CISA assistant director of cybersecurity, said it was prioritising its services to healthcare organisations and other medical groups involved in fighting the coronavirus pandemic, so that those firms can focus on their response to the virus.

"The trusted and continuous cybersecurity collaboration CISA has with NCSC and industry partners plays a critical role in protecting the public and organisations, specifically during this time as healthcare organisations are working at maximum capacity," he said.

Speaking at the daily coronavirus briefing, Foreign Secretary Dominic Raab added: "We're working with the targets of those attacks, with the potential targets, and with others, to make sure that they're aware of the cyber threat and that they can take the steps necessary to protect themselves and at the very least mitigate the harm that could be brought against them.

"There are various objectives and motivations that lie behind these attacks, from fraud on the one hand, to espionage, but they tend to be designed to steal bulk personal data, intellectual property and wider information that supports those aims, and they're often linked with other state actors.

"We expect this kind of predatory, criminal behaviour to continue and to evolve over the coming weeks and months ahead, and we'll be taking a range of measures to tackle that threat."

Additional reporting by Press Association