The Financial Express

Ensuring cyber security within pandemic stricken health sector

| Updated: January 18, 2021 20:59:21

A woman with the support of her son leaving a hospital in Dhaka after giving sample for Covid-19 test       - FE Photo A woman with the support of her son leaving a hospital in Dhaka after giving sample for Covid-19 test       - FE Photo

Spreading of rumour is a form of malware. Sometimes sensitive issues are deliberately focused upon to present a negative denotation that affects the dimension and creates a gap. Instead of a constructive engagement we are then burdened with the observation calling the glass half empty. The past month has witnessed not only corruption affecting the health sector but also deliberate use of misinformation pertaining to the use and manner by which the pandemic is being tackled through the use of vaccines. In a deliberate manner, rumours and negative elements are being planted through social media that is affecting the greater use of preventive measures.

One needs to start with India which has just authorised the emergency use of two coronavirus vaccines developed by AstraZeneca and Oxford University, and by local pharmaceutical firm Bharat Biotech, according to the country's drug regulator. Prime Minister Narendra Modi subsequently tweeted that the fast-track approvals were "a decisive turning point to strengthen a spirited fight" that "accelerates the road to a healthier and COVID-free nation". It has also been reported in the media that the Serum Institute of India, the world's largest vaccine manufacturing company, has been contracted by AstraZeneca to make a billion doses for developing nations, including India.

Indian Drugs Controller General Dr Venugopal G Somani has, however, subsequently been forced to step in and contradict rumours about the vaccine causing mild fever, pain and allergy by pointing out that it is safe and its use must not be stopped in a country that is the second-worst affected country by the coronavirus after the United States, with more than 10.3 million confirmed cases and 149,435 deaths. Indian Health Minister Harsh Vardhan has also called for a campaign to counter "misleading rumours" that may scare people off getting the vaccine.

This unfortunate trend of hesitancy in the use of vaccine has also appeared in Indonesia-- a nation of 273 million with 87 per cent Muslim population due to spread of mal-information. Question about the potential use of pork products in vaccines is compounding matters in that country.  This has led to experts warning that Muslim leaders in the Southeast Asian nation should speed up efforts to gain public trust ahead of a mass immunisation campaign against COVID-19. The problem has arisen because reports have circulated that pork-derived gelatin is being used as a stabiliser in some vaccines.

It may be noted that the Indonesia government has been in discussion with several pharma companies. This includes orders for 100 million doses from AstraZeneca, 50 million does from Novavax, 50 million from Pfizer, 53 million from COVAX/GAVI - a world body working to ensure poor countries have access to COVID-19 vaccines- and another 125 million from China's Sinovac.  However, the government is yet to approve a single vaccine. AstraZeneca, Novavax and Pfizer have all said there are no pork products in their vaccines. However Sinovac has refused till now to disclose the ingredients of its COVID-19 vaccine or specifically, if it has pork gelatin. This has led the social media in that country fanning the fire by spreading rumours about the fear of side effects and uncertainty about the effectiveness of COVID-19 vaccines. All of this is putting millions of lives on the edge.

Dr Dicky Budiman, an epidemiologist with the Indonesian Ministry of Health has observed in this regard that a halal certification for COVID-19 vaccines was essential. He has also underlined that the MUI, Indonesian's top Muslim clerical body that makes decisions over halal certification, has not yet announced its decision and this is creating chaos.

Such unnecessary propaganda is creating multiple problems for the emerging digital dynamics within the health sector. It is not only affecting individuals but also collective security. It is opening up controversial facets and vulnerability in these troubled pandemic times. This is happening because of the misuse in the circulation of information related to healthcare efforts being undertaken in different countries-- in not only Europe and North America but also in Asia and Africa..

In fact it is becoming quite clear that Covid-19 has catapulted the health sector to the forefront of the need to follow and impose cyber-security measures. Analysts in the United Kingdom, in particular, are suggesting that what started in 2020, might increase its complex tiers in 2021. Malware and mis-information throughout 2021 could result in dangers continuing and evolving even further. This is partially because of the huge logistical challenge of rolling out vaccines with potential prospects of the risk of disruption emerging from complex global supply chains and increased reliance on internet technology. This, in its own way is creating new pressure on doctors' surgeries, IT systems, and sometimes small providers who play a critical role. It is now being alleged that some State-hackers are targeting this chain to disrupt not only in keeping the supplies at the right temperature during transportation but in further vaccine research.

This factor has now resulted in the UK National Cyber Security Centre working to ensure greater security within this paradigm.

It may be noted here that the large pharmaceutical companies have not been strangers to cyber-espionage. It has now emerged that their security officials have been aware of the issue since the first Quarter of 2010. However the issues around the pandemic have changed the sector's importance.

It may be recalled that in July, the UK accused Russian intelligence of targeting research, including for the Oxford vaccine, while the US accused Chinese hackers of similar activity.

This materialisation of "vaccine nationalism" and the associated socio-economic and financial implications have now led intelligence and security officials to raise questions about whether countries could try and undermine the efforts of others going forward by stealing intellectual property.

In this context strategic analysts in Canada have pointed out that a common tactic has been the deliberate spread of misinformation online about vaccinations, or questioning a country's safety and testing record. The United Kingdom has in fact created a National Cyber Force under the Strategic Command of General Sir Patrick Sanders. This matrix has even thought of the possibility of retaliation.

Nevertheless, the more immediate factor that has drawn attention not only in Europe but also in Asia and Africa is the criminal ransomware -- the locking of people out of their computers and data until they pay. In many countries this is now becoming a serious and persistent threat. Criminal gang's attacks have multiplied. A recent report from security firm Positive Technologies has indicated that half of all the cyber-attacks on healthcare were ransomware in the July-to-September quarter of 2020. It has also been revealed that US hospitals have been worse hit than the UK. In all probability, this might be because criminals see those in the USA as being richer than their NHS counterparts. Apparently, the BBC has reported that in just 24 hours in October, six American hospitals received ransom demands of at least US Dollar 1million leading to some cancer treatments being cancelled. After this Greg Garcia, executive Director for the US Cyber security of the Health Sector Coordinating Council remarked "the healthcare sector has become a big, rich, juicy target." This scenario has now led the relevant UK authorities to remove weaknesses in the digitalisation of health within NHS systems that were exposed by 2017's WannaCry ransomware attack.

There is now an evolving agreement among physicians all over the world that as consultations are taking place online, investment to keep internet-connected systems and devices secure needs also to be present. Unfortunately, this is not happening. The bigger risk is also being created as more devices are being connected together while remaining vulnerable, leading to the risk of a cascade effect. Digital criminals are taking advantage of this situation and quite often are moving from unlocking health data available in the archives of organisations and tampering with it-- thereby posing risks to patient safety.

In keeping with the growing anxiety, the UK's National Cyber Security Centre (NCSC) and the British GCHQ Division have recently reported that they thwarted 15,354 campaigns that had used coronavirus themes as a "lure" to fool people into clicking on a link or opening an attachment containing malicious software. Some involved fake shops selling PPE (personal protective equipment), test kits and even vaccines.

The NCSC has also revealed that it had scanned more than one million NHS IP (internet protocol) addresses to look for vulnerabilities, and had shared 51,000 indicators of compromise. It has also carried out "threat hunting" to look for security risks on connected devices, and worked on the security of the NHS Covid-19 contact-tracing app. It has also warned that ransomware attacks had become more common.

Such ransomware locks people out of their computers and demands victims make a blackmail payment to restore access, but even then it is not always granted. The NCSC has also affirmed that it had handled more than three times as many ransomware incidents in 2020 as compared to 2019. Such attacks are now more targeted and aggressive than previously. Rather than just locking people out of access to their data until a ransom was paid, attackers often warn they would embarrass victims if they refused to comply. Examples included details of staff salaries being published online. It meant victims were at risk even if they backed up their data.

The question that now arises in my mind is whether we in Bangladesh are taking necessary proactive measures to safeguard our health sector from such mal-ware digital breaches. Are we also coordinating our efforts so that cyber security can be maintained in all our health centres and clinics - both in urban and rural areas? If necessary, we should think about forming a Council to stop such attacks and that could include representatives from the health sector, the Ministry of Information, the Ministry of Science and Technology, Ministry of Home Affairs and the relevant Agencies from the Armed Forces and the Police.

Muhammad Zamir, a former Ambassador, is an analyst specialised in foreign affairs, right to information and good governance.

[email protected]


Share if you like