Effects of the COVID-19 Pandemic on the Health Sector’s Risk Profile

CyberPeace Institute

Cyber operations that leverage the COVID-19 pandemic are on the rise. The healthcare sector, which is already under greater stress, is among the most at risk from such operations.

Since the beginning of the COVID-19 pandemic, malicious cyber operations have increased on a month-to-month basis. Especially social engineering attacks, phishing emails, and domain registrations have surged, exploiting peoples fear and uncertainty. 

Three primary factors have contributed to this perfect storm:

  1. The COVID-19 Infodemic is being exploited to conduct social engineering attacks.
  2. Remote work has made hundreds of millions of people  easy targets.
  3. Heightened vulnerability of organizations involved in the pandemic response. 

The Healthcare Sector and its Risk Profile  

The healthcare sector has always been a lucrative target due to its need for business continuity and abundance of confidential patient data. At the same time, the sector suffers from a broad attack surface that is a result of rapid digitization (e.g. the IoT of medical devices) without the necessary cybersecurity measures to accompany it. Many healthcare organizations have failed to segment their networks and continue to rely on vulnerable legacy systems and applications to preserve historical data.  

Given the stress that has been placed on them by the COVID-19 pandemic, healthcare organizations as well as medical suppliers and manufacturers are among the most vulnerable to COVID-19 related cyber threats.  

On March 13, the Brno University Hospital in the Czech Republic was forced to turn away new patients and halt all COVID-19 testing after it had been hit by a suspected ransomware attack. Similar security incidents later occurred in France, Spain, and the UK.  

Although data breaches are among the most common cybersecurity threats of the healthcare sector, ransomware attacks pose a particular threat as they are able to render organizations’ systems inoperable.  

On April 04, Interpol issued a Purple Notice, alerting all 194 member states of a heightened ransomware threat, specifically for “key organizations and infrastructure engaged in the virus response.” Just as in other sectors, these attacks are primarily spreading via phishing emails with malicious links “claiming to contain information or advice regarding the coronavirus from a government agency”  

Vulnerabilities arise from the Upscaling of the Healthcare Supply Chain 

In response to the pandemic, the wider healthcare supply chain has experienced an upscaling that is comparable to wartime  efforts.   

These efforts can broadly be divided into three layers: 

Layer 1: Existing providers of medical supplies and technologies have drastically upscaled their efforts to meet the growing demand for crucial supplies, such as ventilators and masks.   

Layer 2: Non-health related industries have begun to produce healthcare products. The global automobile industry has expanded its efforts to produce ventilators.

Layer 3: Initiatives to promote COVID-19 related innovation are being increasingly implemented. For example, Germany hosted a Hackathon that saw nearly 43,000 participants devise over 800 ideas and solutions to tackle the pandemic. 

While such cross-sector efforts are certainly required in the pandemic response, they also threaten to increase the cybersecurity risk profile of the wider healthcare supply chain. With a growing list of industries and initiatives being integrated into the pandemic response, it seems likely that more threat actors will target them. Some ransomware groups have already adjusted their targets to include pharmaceutical and manufacturing industries.  

The proliferation of (innovative) networked medical devices may introduce new vulnerabilities in healthcare organizations. As is often the case, the cybersecurity of new technologies is not always an initial concern, especially when dealing with the urgent task of providing medical relief.

Thus, the upscaling of the healthcare supply chain may in fact exacerbate the aforementioned problem of rapid digitization within the healthcare sector without proper cybersecurity measures. 

We invite you to join our upcoming CyberPeace Lab “The COVID-19 Infodemic: How to Protect the Health Sector from Cyberattacks,” which discusses the current security risks of the health sector and its wider supply chain with a particular focus on accountability and technical response. 

More information can be found on the event page.

The CyberPeace Institute is an independent, non-profit organization with the mission to enhance the stability of cyberspace. It does so by supporting vulnerable communities, analysing attacks collaboratively, and advancing responsible behaviour in cyberspace.

Copyright: The CyberPeace Institute

© Copyright 2023: The concepts and information contained in this document are the property of the CyberPeace Institute, an independent non-governmental organization headquartered in Geneva, unless indicated otherwise from time to time throughout the document. This document may be reproduced, in whole or in part, provided that the CyberPeace Institute is referenced as author and copyright holder.


Support the CyberPeace Institute

Individual lives can be changed dramatically by the acts of cyber criminals. We need your support to assist victims of cyberattacks in the NGO, humanitarian and healthcare sectors.


Subscribe to our newsletter

Receive monthly news on what’s happening at the Institute: our impact, publications, events and important milestones.