Czech Hospitals Brace For Imminent Cyberattack

Published: 17 April 2020

Caption: Czech authorities are warning of an imminent cyber attack on the country’s IT infrastructure, in particular the systems used by its hospitals (Photo: needpix, Creative Commons Licence)

Czech authorities are warning of an imminent cyber attack on the country’s IT infrastructure, in particular the systems used by its hospitals (Photo: needpix, Creative Commons Licence)

By Will Neal

Authorities in the Czech Republic have issued guidance on emergency cybersecurity measures as the country steels itself for a sophisticated attack on its communication and information systems, including those used in hospitals.

The National Office for Cyber and Information Security (NÚKIB) published the recommendations on Friday morning, after issuing a “high level” warning that an imminent attack is “very probable” the day before.

NÚKIB Director Karel Rehka told Reuters on Thursday that “the information we have available has led us to a reasonable fear of a real threat of serious cyberattacks in the Czech Republic, especially on healthcare systems.”

Another Czech official, speaking on condition of anonymity, reportedly said it is clear the country is facing “a serious and advanced adversary.”

Prem Mahadevan, a senior cybercrime analyst at the Global Initiative Against Transnational Organised Crime, told OCCRP that if the attack is carried out as expected, it would amount to “psychological attrition of an already embattled continent that is struggling with COVID-19.”

“Whether it aims to extract ransoms or destroy computer systems in order to generate a disruptive effect, a coordinated attack on a national healthcare system anywhere in Europe would demonstrate the limited ability of governments to defend against indirect threats,” he said.

Cybersecurity experts are anticipating a sustained increase in attacks during the coronavirus pandemic, with organised criminals moving online as social distancing measures disrupt their usual businesses.

Europol said this month that cybercrime has grown faster than any other type of illegal activity since the start of the outbreak.

The warnings follow a foiled attempt by a sophisticated group of scammers to defraud German health authorities out of as much as 2.4 million euros (US$2.6 million) through the sale of non-existent masks via cloned websites.

Mahadevan said criminal activity tends to spike during and in the aftermath of periods of upheaval in the global economy, including the 1998 financial crisis in Eastern Europe and the 2008 Global Financial Crisis.

“Now, with COVID-19, we are likely to see yet another economic downturn, bigger than the previous two,” he said.

“With the probability of high unemployment in both developed and developing economies and the increasing specialisation of the cybercrime marketplace, where hacking services can be bought and sold, the scale of cybercrimes is likely to expand hugely.”

NÚKIB has asked system operators at healthcare providers and other institutions in the Czech Republic to ensure passwords are changed, anti-virus software is up to date, and that remote access to IT infrastructure is blocked, so as to “minimise the risk of an attacker entering the system by exploiting vulnerabilities or through brute force.”

It is also advising that steps be taken to warn users of some of the common methods used by cybercriminals. This includes being on the lookout for suspicious emails with typical phishing formats, as well as running protected versions of Microsoft Office programs.

NÚKIB has further required that contingency plans should be established to maintain normal operations should an attack occur. It says that data should be backed up, and that copies should be made secure but readily available.

The agency did not immediately respond to OCCRP’s request for comment.