The United States’ Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) have jointly issued a cybersecurity warning for healthcare organizations in both countries.
“CISA has prioritized our cybersecurity services to healthcare and private organizations that provide medical support services and supplies in a concerted effort to prevent incidents and enable them to focus on their response to COVID-19,” said Bryan Ware, CISA assistant director of cybersecurity.
The warning is directed at healthcare and medical research organizations and advises all staff to “change any passwords that could be reasonably guessed to one created with three random words and implement two-factor authentication to reduce the threat of compromises.”
CISA and NCSC reported that they’ve seen “seen large-scale ‘password spraying’ campaigns” directed at healthcare organizations. The advanced persistent threat groups are targeting the organizations to collect bulk personal information, intellectual property, and intelligence that aligns with national priorities. Password spraying, the warning explains, is the attempt to access a large number of accounts using commonly used passwords.
The warning follows an April 8 joint advisory about cybercriminals exploiting the COVID-19 pandemic for personal gain. CISA and NCSC said they expect COVID-19-related cyberattacks to increase over the coming months.