The Biggest COVID-Related Data Breaches (So Far)
Cybercriminals will always adapt to a changing digital landscape. It’s no surprise that the COVID-19 pandemic brought a wave of cyber-attacks and data breaches. Hackers all over the world took advantage of a vulnerable situation. Data breaches nearly doubled in 2020 as a result. Estimates from the Unisys Security Index indicate that there were 192,000 coronavirus-related cyber attacks per week in May 2020 alone.
Although some of the largest data breaches of 2020 had nothing to do with the pandemic, several were linked to the COVID crisis. The biggest COVID-related data breaches involved healthcare systems, unemployment offices, universities, and COVID-researchers.
The following 8 data breaches are the biggest cyberattacks with explicit links to the COVID-19 pandemic (so far).
Blackbaud hospital breach
Most cybersecurity experts consider the Blackbaud incident as the largest healthcare data breach of 2020. The company provides its cloud software to more than 30 hospital systems in the US and over 25,000 non-profit organizations worldwide. When their systems were compromised in August 2020, the fallout was massive. Blackbaud announced that the records of 657,392 people were exposed, including patient information and Social Security numbers. The ransomware attack has led to 20 lawsuits as well.
Zoom credentials hack
As Zoom is a video-conferencing platform that skyrocketed in popularity in the first months of the pandemic, it’s not surprising that it became a target for hackers. At the beginning of April 2020, more than 500,000 Zoom account credentials went up for sale. Zoom didn’t seem to take a major hit, however, as people continued to use it for remote working or connecting with loved ones. Shortly after the credentials hack, Zoom took steps to rectify its security issues as well.
US Small Business Administration
In most countries, the pandemic created an economic crisis as well. The US Small Business Administration (SBA) was just one of several government agencies in the US that offered emergency assistance for either individuals or small businesses. Unfortunately, the SBA suffered a data breach in April 2020, that impacted almost 8,000 applicants for the Economic Injury Disaster Loan program. Names, Social Security numbers, addresses, birth dates, email addresses, phone numbers, citizenship statuses, and insurance information are all the types of information that may have been exposed.
Magellan Health ransomware
The healthcare industry was already a prime target for cybercriminals, but the COVID-19 pandemic made them even more vulnerable to cyber-attacks. Magellan Health became another unfortunate example of the cybersecurity risks that healthcare organizations face. The Fortune 500 company suffered a ransomware attack in April 2020. The hack exposed employee information such as Social Security numbers or taxpayer-identification numbers. As of October 2020, the estimated total number of victims was 1.7 million.
European Medicines Agency
At the beginning of the pandemic, cybercriminals targeted COVID-19 supplies such as face masks and hand sanitizing gel. Once vaccine development began, they aimed at vaccines and vaccine research instead. The European Medicines Agency (EMA), the drug regulator for the European Union, suffered a cyber attack in December 2020. This exposed documents and confidential information related to the Pfizer/BioNTech vaccine. At this point, the Pfizer/BioNTech vaccine was considered a top contender for combatting COVID-19 and was already being administered in Britain.
World Health Organization
As the world’s foremost public health agency, the World Health Organization (WHO) was a big target for cyberattacks in 2020. Hackers targeted both WHO staff as well as individuals by pretending to be WHO officials. They announced a leak of 450 active WHO email addresses and passwords in just one week in April 2020. The organization estimated the number of cyberattacks directed at WHO increased five times compared to the same period last year.
Illinois Department of Employment Security
Unemployment soared in the US as a result of the pandemic. Many state unemployment systems had a hard time keeping up with claims. The Illinois Department of Employment Security rolled out a new system to help process a large number of unemployment claims. Only one day after the new system launched, a “glitch” leaked thousands of records of applicants. The department fixed the issue within an hour, but it’s unknown how many applicants had their information exposed.
The University of California at San Francisco
In the first half of 2020, coronavirus disinformation was rampant. As the world moved closer to developing a vaccine, vaccine research became a bigger target. The University of California at San Francisco (UCSF) School of Medicine’s IT systems were infected with malware in June 2020. UCSF admitted to paying a ransom to salvage data related to their COVID-19 vaccine research.
COVID-19 data breaches
Even as the world starts to get the pandemic more under control, cyber-attacks will not stop. It’s likely hackers will continue to take advantage of the vulnerability created by the world’s largest public health crisis in over a century.
- Easy Prey Podcast
- General Topics
- Home Computing
- IP Addresses
- Online Privacy
- Online Safety