The Cyber Pandemic

Behind the scenes of the already dramatic scenes in hospitals, a second, invisible battle is being fought daily: Organized cracker groups are capitalizing on the pandemic to ramp up their attacks against healthcare. Before the pandemic, ransomware attacks, which lock users out of their infected computers until they pay the crackers a ransom – infected computers display a "handy" help screen listing steps to unlock them – were programmed to aimlessly hit as many people as possible: The more victims, the more ransom. Now the focus seems to have shifted, says Paul Rhein, the director of the Governmental Computer Emergency Response Team (GOVCERT), which reports to the Office of the High Commissioner for National Security: "The big change over the last few years is that the focus has shifted from private citizens to businesses and organizations."

Large-scale ransomware attacks are not limited to the healthcare sector, as evidenced by the attacks on the largest gasoline pipeline in the U.S., the Colonial Pipeline, or meat processing plants owned by JBS, the largest meat processing company in the world. In these "campaigns", coordinated computers in the U.S., Canada and Australia were blocked, both times with devastating consequences for far-reaching supply chains. "Especially now, hospitals are an attractive target for cyberattacks", Rhein explains. In heavily burdened hospitals, even small failures can lead to serious human harm: All the greater is the incentive to pay the ransom – after all, human lives are at stake.

When computer viruses are deadly

At least one case in Düsseldorf shows that these fears are not unfounded. Here, a woman had to be transferred to another hospital after a ransomware program took down 30 of the hospital's servers. The delay ended fatally for the woman. While further investigations revealed, that the woman would have likely died regardless of the attack, the case nonetheless reveals how shutdowns can cripple caretakers. While some groups had announced a "Corona-break" at the beginning of the pandemic, it now seems to have turned into the opposite. "These attacks have high costs on all fronts", writes the Geneva-based CyberPeace Institute: "resources dedicated to fighting COVID-19 are crippled, patients’ safety is impacted, sensitive data is stolen, and overall, society loses trust in its healthcare system."