Cyber scams increase during pandemic

NEWS – eHealthNews.nz editor Rebecca McBeth

Kiwi health IT experts are calling for cybersecurity vigilance as the COVID-19 pandemic results in increasing numbers of cyber scams globally.

In New Zealand, junior registrars have been subject to a phishing scam via their WhatsApp accounts.

While WhatsApp is not approved for use in the health sector, it is often used by clinicians to manage tasks and communicate where an alternative is not available.

A Ministry of Health Spokesperson says itis aware that various scams and phishing attacks are happening in New Zealand and encourages health sector organisations to let the Ministry know if they have been affected by a cyber incident and to report cyber incidents to CERT NZ directly.

NZ Resident Doctors Association secretary Deborah Powell says the RDA is aware of the phishing attack and has taken steps to warn members about it.

“We’ve reminded resident doctors to be vigilant and take care, and we’ve put a message out to DHBs as one of the problems is residents use things like WhatsApp because their own DHB systems are not as modern as we would like,” she says.

Celo chief executive Steve Vlok says on 17 March junior registrars started contacting him about signing up for the secure messaging app.

The company is offering Celo for free to individual health professionals during the COVID-19 outbreak and signed up 100 doctors on that morning.

The phishing message appeared to come from a known contact in WhatsApp, asking them to send the SMS code that they had just received on their phone. This would allow the hacker to impersonate them on WhatsApp.

“At Celo, we are helping to respond to this situation by rapidly onboarding users onto the Celo platform so they can continue to collaborate safely with their colleagues,” he says.

Vlok says health IT providers are seeing an increase in cyber activity and are on high alert for potential hackers.

Globally, cybersecurity firms have reported an increase in attacks related to the coronavirus pandemic.

Hackers have sent messages posing as the US Centers for Disease Control and Prevention, the World Health Organization and health agencies from specific countries, purporting to offer information on COVID-19, but actually spreading malware.

The MoH spokesperson says cyber criminals take advantage of situations like COVID-19 to increase the chance of their malicious activities succeeding," the spokesperson says.

"Organisations need to make sure their staff are trained and have the right resources available to keep them safe, and that they have implemented the appropriate security controls and monitoring systems," the spokesperson says.

"Individuals need to make sure they follow their organisation’s policies, keep up-to-date with common types of scams, and report things that seem out of place or suspicious.

New Zealand Health IT chief executive Scott Arrol says cybersecurity is key when a growing number of organisations, businesses and people are using their laptops and other devices to work from home because of the virus threat.

“This has increased the risk of security breaches that can cause the loss of data, breaches of privacy and holding systems to ransom,” Arrol says.

“NZHIT supports and encourages the use of digital tech to enable remote working and accessing virtual healthcare services, but this must be approached in a methodical and security-first manner.”

A statement from Patients First says it "recommends healthcare organisations explicitly anticipate and mitigate the cyber security risks around the use of telework and telehealth solutions". 

Stay up to date on current scams with trusted sources such as CERT NZand Netsafe.

If you would like to provide feedback on this news story, please contact the editor Rebecca McBeth .

This article was updated on 23 March 2020.

Read more news:

DHBs’ digital services ramping up

Telehealth gets $20 million injection

For more information and resources about COVID-19 go to https://www.hinz.org.nz/page/covid19

Return to eHealthNews.nz home page