The European Union Agency for Cybersecurity (ENISA) works to promote cybersecurity in the healthcare sector and protect citizens against malicious COVID-19 cyber-attacks.
COVID-19 has changed the world since touching ground on European soil earlier this year. With hospitals overwhelmed in managing this extraordinary pandemic, businesses shifting gears to teleworking and ecommerce platforms, and the general public feeling uncertainty, the world has transformed and put a great deal of trust in one actor, the internet. This ‘virtual’ reality has created a new opportunity for cyber incidents. Phishing schemes, ransomware attacks, and misinformation campaigns leveraging the pandemic are on the rise.
One European agency has taken the lead in offering advice and sources on cybersecurity in crisis situations such as COVID-19. ENISA, the European Union Agency for Cybersecurity, has been working to make Europe cyber secure since 2004, and since the EU Cybersecurity Act of 2019 has become the leading actor supporting a co-operative response to large-scale cross-border cyber incidents across the Union.
At the onset of the pandemic, ENISA immediately issued a series of cybersecurity recommendations, awareness actions, and guidelines in dealing with cybersecurity aspects of the crisis, targeting the healthcare system, businesses, and the public. ENISA has created a multimedia platform with publications, videos, infographics, and access to events and workshops about cybersecurity during COVID-19, found here.
“What we at the EU Agency for Cybersecurity are seeing is that malicious agents are using the COVID-19 pandemic to target both people and the health sector,” ENISA Executive Director Juhan Lepassaar notes.
ENISA on cybersecurity in the healthcare sector
Hospitals have become prime targets for malware actors during the pandemic. Recent reports include a ransomware attack on the Czech Republic’s second largest hospital, an unsuccessful cyber-attack attempt at the Paris hospital authority AP-HP, and a massive email campaign targeting healthcare workers in Spain. The whole cybersecurity community has come together to support the healthcare sector: national cybersecurity authorities are issuing alerts and guidelines on potential cyber-attacks; the private sector is offering pro-bono cybersecurity related services; and EU Member States are collaborating with the EU Institutions, Agencies, and bodies such as ENISA, Europol, and the Computer Emergency Response Team (CERT-EU) through networks of specialised security response teams, the Computer Security Incident Response Teams (CSIRTs).
ENISA has reacted swiftly to threats in the healthcare sector by providing advice to support the sector, taking into account the situational evolution and most common incidents since the beginning of the pandemic. Some of the Agency’s advice includes sharing information with healthcare staff in the organisation, building awareness of the ongoing situation, raising awareness internally by launching campaigns even during the time of crisis and, in the case of infection, asking staff to disconnect from the network to contain the spread. In the case of a systems compromise, ENISA advises freezing any activity in the system, disconnecting infected machines from others and from any external drive or medical device, going offline from the network, and immediately contacting the CSIRTs.
Preparing for crises at Cyber Europe
ENISA goes beyond raising awareness for cybersecurity in the healthcare sector by preparing experts and governments to handle potential crises before they even occur. The Agency manages the biannual programme of pan-European exercises, Cyber Europe, the EU’s largest cyber-exercise. The exercises allow participants to analyse advanced technical cybersecurity incidents and deal with complex crisis management situations.
The next Cyber Europe will take place in 2021 and will focus on healthcare. Given the COVID-19 crisis, the exercise will take on-board lessons learned from threats and incidents that happened during this crisis.
How to safely navigate a virtual world and protect data
To safely navigate this new virtual world where the Internet serves as the main platform for communication, access to news, work, doctors, shopping, schooling, and much more, basic security is key. ENISA has created a list of basic recommendations on mastering safety while working online. Step one is establishing a secure Wi-Fi connection, as some older Wi-Fi installations may be insecure, opening up possibilities for snooping. Other recommendations include working with a fully updated anti-virus system in place and up-to-date security software, backing up content regularly and checking if encryption tools are installed.
Email fraud schemes such as phishing are growing in line with COVID-19. The Agency urges caution when receiving emails that ask to check or renew credentials, even if the email seems to be from a trusted source. Emails that create a sense of urgency are also key candidates for phishing, the Agency notes. How does phishing work? Imagine a message with an attachment supposedly containing pertinent information regarding the Coronavirus, but it is actually a malicious email in disguise. Once the attachment or embedded link is opened, it may download malicious software onto the user’s device, which could run software that allows cybercriminals to take control of the device, log the user’s keystrokes, and access personal information and financial data, which could lead to identity theft.
Beyond stepping up digital security and following tips, the Agency also recommends being vigilant with personal and financial information while shopping online and visiting ecommerce sites. ENISA recommends that when making online purchases, citizens ensure a secure connection, look out for COVID-19 phishing emails and fake websites, are on top of their online accounts to avoid payment fraud, are working on an updated operating system and applications, and think twice when asked for data. The Agency also calls for businesses to provide secure websites for customers, protection and management of information, compliance with data protection requirements, and more.
Doing business during COVID-19
Businesses, including SMEs, have had to shift gears almost overnight, completely relying on the Internet for new business models that enable employees to telework, consumers to buy goods online, and teams to make important decisions via virtual platforms. Online communication tools such as video and audio conferencing, instant messaging, remote document sharing and file exchange, and Internet streaming have become vital to keep businesses alive. The security and privacy settings of such tools are fundamental for efficient operations, ENISA notes. Employers should provide authentication, secure session capabilities for remote workers, and ensure adequate support in case of problems, according to the Agency.
Cybercriminals move and adapt quickly – they may impersonate government organisations, ministries of health, centres for public health, or important figures in a relevant country in order to disguise themselves as reliable sources, ENISA warns.
More information related to cybersecurity aspects of the COVID-19 pandemic can be found online at www.enisa.europa.eu along with ENISA’s COVID-19 video released this May on the Agency’s YouTube channel.
Please note, this article will also appear in the second edition of our new quarterly publication.