Protecting healthcare and human rights organizations from cyberattacks 

two healthcare workers at a computer

We’re deeply concerned about cyberattacks impacting workers on the front lines of the COVID-19 fight. News reports have shown recent criminal or nation-state attacks targeting Brno University Hospital in the Czech Republic, Paris’ hospital system, the computer systems of Spain’s hospitals, hospitals in Thailand, medical clinics in the U.S. state of Texas, a healthcare agency in the U.S. state of Illinois and even international bodies such as the World Health Organization. Our teams at Microsoft have also detected and responded to attacks targeting the healthcare sector in many countries, and we know they are coming from criminals and multiple nation-states. In addition, our threat intelligence teams have identified nation-state attacks against human rights organizations around the world for some time, both prior to and during the COVID-19 pandemic.

That’s why, starting today, we’re making our AccountGuard threat notification service available at no cost to healthcare providers on the front lines as well as human rights and humanitarian organizations around the world. Healthcare organizations can sign up here, and human rights and humanitarian organizations can sign up here.

Every patient deserves the best possible healthcare treatment, and we all need to thank and applaud the truly heroic work by those risking their own health to help those who are sick. Their work is challenging enough but is being made more difficult by cyberattacks, now or in the future. Some attacks, such as the one on Brno University Hospital, have resulted in delays in COVID-19 testing, new patients being turned away and treatments being postponed. Others, such as the attack in Illinois, have held up access to critical COVID-19-related healthcare guidance.

Nearly all these attacks have two things in common: a person and email. An attacker will often disguise malicious content as a message from a health authority or medical equipment provider. These emails sent to work or home inboxes seek to obtain the person’s credentials and often contain documents or links that will infect a computer and spread the infection through a network, enabling attackers to control it. In some cases, attackers could be looking for COVID-19-related intelligence, or to disrupt the provision of desperately needed care or supplies. With today’s announcement, we are seeking to notify customers when we see attacks and provide guidance to help.

Microsoft AccountGuard, which we first offered to political campaigns through our Defending Democracy Program, monitors nation-state threat actors targeting enterprise mailboxes and the personal email accounts of employees or volunteers who opt in. This gives our threat intelligence teams a broad view of the avenues attackers typically use. When we see such activity targeting an organization enrolled in AccountGuard, we notify them immediately so they can take steps to stop an attack or root out the attacker. AccountGuard has previously been available to political campaigns, parties, members of the U.S. Congress and democracy-focused non-profits. Nearly 100,000 email accounts in 29 countries are enrolled in AccountGuard and we’ve made 1,450 threat notifications to those participating.

Through today’s announcement, we’re making AccountGuard available to healthcare providers including hospitals, care facilities, clinics, labs and clinicians providing front line services as well as pharmaceutical, life sciences and medical devices companies that are researching, developing and manufacturing COVID-19-related treatments. Our notifications will help these organizations defend against nation-state attacks, and our AccountGuard advice and training support will help them harden their defenses against all forms of cyberattacks. AccountGuard for Healthcare will be available until the COVID-19 pandemic subsides.

In addition to making AccountGuard available to those working directly in the healthcare field, another important part of today’s announcement is the availability of AccountGuard for worldwide human rights and humanitarian organizations. Today, nearly every human rights or humanitarian organization is focused on protecting the rights of people impacted by COVID-19 whether it’s supporting hospitals in conflict zones, amplifying the voices of medical professionals, helping to ensure elections are conducted safely in new ways or helping children who are out of school. In many instances, nation-states and cyber criminals use attacks to gain intelligence on these organizations and the people who these groups protect, or to disrupt their work.

While cybersecurity threats are not new to human rights defenders, these groups have been increasingly under attack, even before the pandemic arose. In the past year, the Microsoft Threat Intelligence Center, or MSTIC, has tracked five separate nation-state activity groups that have attempted nearly nine hundred times to target or compromise hundreds of accounts belonging to employees of nine prominent human rights organizations around the world. Protecting these organizations has never been more important.

Leading human rights and humanitarian organizations including Amnesty International, CyberPeace Institute, Freedom House, Human Rights Watch and Physicians for Human Rights have already registered for our AccountGuard threat notification service through an initial pilot.

Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law. AccountGuard is available to organizations using Office 365 for business email and extends additional security to the personal accounts of their front line workers who use Microsoft’s consumer email services such as and Hotmail.

Whether you’re a front line worker or not, it’s always important to make sure you trust the sender of an email before you open it, that you look out for misspellings or slight inaccuracies in emails that may offer clues of an untrustworthy message, and that you know you trust a URL before you click on it. We’ve published more on protecting yourself from COVID-19-related phishing attacks here. Today’s news is in addition to the work we’ve already announced to track and prevent cyberthreats targeting healthcare organizations and our announcement yesterday on providing non-profits working on the COVID-19 response with greater access to technology.

Tags: , , , ,