Formed just last month, Cyber Volunteers 19 already has 3,500 members across Europe and beyond
As the pandemic spreads, the Covid-19 virus isn’t the only thing threatening to overwhelm healthcare systems: cybercrime is rocketing too.
Earlier this month, Interpol issued a global alert to healthcare organisations, warning of a significant increase in the number of attempted ransomware attacks against hospitals and medical services.
In one recent attack, for example, Australian heart clinic Melbourne Heart Group is believed to have paid a ransom after its systems were disrupted for more than three weeks.
There are of course a number of organizations, national and international, working to help secure health systems – not least Interpol’s own cybercrime threat response team.
However, with the risks of a critical incident greater than ever, one pair of cybersecurity professionals saw a need for extra help.
Free cybersecurity support for hospitals
Founded by Lisa Forte of Red Goat Cyber Security and Daniel Card of PwnDefend just a few weeks ago, Cyber Volunteers 19 now has around 3,500 members and is already offering free security help in the UK and several European countries.
“We started seeing not just hospitals but healthcare supply chains, people who supply ventilators, things like that, seeing attempted attacks increasing and we thought to ourselves maybe we should get a group together and support people that need it,” Forte tells The Daily Swig.
“The original idea was to provide help to the UK’s NHS, but that’s changed and now we’re in six or seven European countries, so it’s grown into quite a large group in a matter of a month.”
Teams are in place looking for vulnerabilities at specific hospitals, notifying them and closing security gaps.
“We found some vulnerabilities with one hospital, for example, where the consultants were having remote patient consultations over videoconferencing, instead of coming to the hospital,” says Forte.
“The app they were using wasn’t secure, so what could easily have happened is someone listening in to that.”
"They were also sharing test results over Google Docs, where again they hadn’t realised the problems. We notified them of the problem and advised them what to do instead. That’s all now implemented, and, fingers crossed, it’s made them more secure.”
Hospitals around the world are being stretched by the coronavirus pandemic
Healthcare security intel-sharing
Cyber Volunteers 19 is also providing a weekly intelligence briefing that goes out in seven languages across Europe, along with training and awareness materials. Sister groups have been set up in Australia, the Middle East, and Brazil.
"We’re also working with private companies who have donated services and resources to us and to the hospitals we’re working with, so it’s really a community effort and not proprietary in any way,” says Forte, citing SensorOne, Mailchimp, Akamai, and CrowdStrike.
“So, there’s a lot of amazing help from all sorts of companies – it’s just blown us away.”
Dealing with the NHS has been tricky, says Forte, given its organizational structure.
“It’s actually been easier to get access to a wide number of hospitals in other European countries,” she says. “In the UK each hospital has a level of autonomy, so they’re almost like individual businesses.
“It basically had to be a situation where we approached each and every trust in the UK, which has been an arduous process. We’ve also done stuff with the NHS blood and transplant services.”
Doctors’ surgeries are an even bigger problem, as they are run as private businesses. The group is planning to contact them individually after all UK hospitals have been approached.
More infosec volunteers needed
The Cyber Volunteers 19 group is currently planning to establish individual country teams, ready to offer on-site support if required.
“We’ve worked in one country where we’ve disseminated a threat report to every single hospital and doctors’ surgery in the country this week,” says Forte.
“Plus, they’ve got a number of hospitals that they want us to look more closely at their infrastructure to see if we can find any vulnerabilities specifically in these hospitals, so that’s a piece of work that we’ll be starting next week.”
The group is still actively recruiting for full- and part-time volunteers – and not just cybersecurity professionals.
“We have loads of needs, but one of them is definitely translators, especially anyone that can translate into any of the Scandinavian languages or the Baltic languages,” she says.
“Also, anyone who has forensics or instant response knowledge would be awesome as well. And then people who are maybe project managers, not necessarily connected to cybersecurity, to help us manage this massive project.”