Abstract. The COVID-19 pandemic posed new challenges in the field of information security. The various forms of remote work significantly increased security risk in the online space. The size of networks, the volume of data traffic, and the number of users with no substantial experience in the online space all grew. During the epidemic, attacks from cyberspace varied in intensity by sector and by period, and the types of attack covered a wide spectrum, from phishing through malware to information disruption. Many of these phenomena also had national security implications. In our review article, we summarize the international and domestic experience of these phenomena, paying special attention to the healthcare system and to threats to vaccine development coming from cyberspace.
Summary. During the COVID-19 pandemic, new challenges emerged in the field of information security and cyber security. Home office, home schooling and distance learning, and even telemedicine caught some organizations unprepared. Security risks in online space increased significantly: the number of network endpoints, computers, laptops and mobile devices grew, along with network data traffic and the number of users who had no significant experience in online space. These appeared as a significant risk factor. This was exacerbated, especially in healthcare, by the extremely high workload, which made systems highly vulnerable. During the epidemic, attacks from cyberspace varied in intensity from sector to sector and from period to period. Statistics from international and national organizations have shown that from the end of the first quarter of 2020, the number of cyber security incidents jumped sharply and then remained high even after a small decline. The types of attack covered an extremely wide range: from phishing through malware to misinformation, almost all types of attack occurred. Many phenomena also had national security implications. Ransomware attacks on healthcare affected almost all health systems and reached particularly high levels by the end of 2020. It was during the first period that, in an emergency case, an association is thought to have existed between a ransomware attack and the death of a patient who was not admitted because of the attack.
In addition to distancing measures and the associated increase in cyber threats, the emerging threats related to vaccination, which is central to the fight against the epidemic, should also be highlighted. This period has shed light on how many vulnerabilities cybercriminals are able to attack, from vaccine development through drug trials to the delivery of vaccines and the organization of vaccination. Preventing and combating these threats and attacks, and responding to them appropriately, requires complex, multidisciplinary collaborations in which security science has a privileged place. In our review article, we summarize the international and national experiences of the above phenomena, paying special attention to the health care system and to the threats to vaccine development coming from cyberspace.