Hillicon Valley: Hackers increasingly target hospitals during pandemic | Stay-at-home protests could qualify as misinformation on Facebook | Tech groups push Congress to send states cyber funding
Welcome to Hillicon Valley, The Hill’s newsletter detailing all you need to know about the tech and cyber news from Capitol Hill to Silicon Valley. If you don’t already, be sure to sign up for our newsletter with this LINK.
Welcome! Follow our cyber reporter, Maggie Miller (@magmill95), and tech reporter, Chris Mills Rodrigo (@chrisismills), for more coverage.
KICK ‘EM WHILE THEY’RE DOWN: As hospitals face a surge in patients and critical equipment shortages stemming from the coronavirus pandemic, they are increasingly becoming the target of hackers who see health care facilities as easy prey.
Ransomware attacks, in which hackers lock up a network and demand payment to return access to these systems, have presented a growing threat to hospitals since January.
Experts expect these attacks to increase, and the threat has captured the attention of top intelligence lawmakers, who warn the coronavirus outbreak and the ransomware attacks amount to a perfect storm.
Senators weigh in: “A major policy focus of mine before the onset of this health emergency was the cybersecurity posture of the health care sector, where we often found major hospital systems ill-equipped to handle ransomware incidents and data breaches,” Sen. Mark Warner (D-Va.), the vice chairman of the Senate Intelligence Committee, told The Hill in a statement.
“COVID-19 has only made that situation worse, with increased attacks and hospital resources stretched perilously thin,” Warner added.
Sen. Michael Bennet (D-Colo.), who expressed concerns following attacks on health agencies including the Department of Health and Human Services last month, told The Hill that he could see the Department of Homeland Security (DHS) having a role to play in protecting hospitals from cyberattacks.
“The administration must ensure DHS is rapidly compiling information on recent cyber activity and intrusions, developing and sharing best practices for protecting networks, and providing assistance to vulnerable and critical entities,” Bennet said.
Global threat: The threat of such cyberattacks is not fixed in one country. INTERPOL, an international police organization, issued a warning last month to its 194 member countries.
INTERPOL’s Cybercrime Threat Response team said in a press release that it “has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”
“Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid,” the organization warned.
Some early victims appeared last month, including a public health district in Illinois that reportedly paid hackers a hefty ransom after facing a ransomware attack. The cost to regain access to their data totaled $350,000.
TRACKING THE VIRUS: Facebook on Monday unveiled a map with a county-by-county breakdown of people reporting coronavirus symptoms.
The map will be updated daily and is based on data from an opt-in survey Facebook is running with researchers at Carnegie Mellon.
The map shows counties across the U.S. by the percentage of people with symptoms, color coding each region with a shade of red. Lighter shades indicate lower percentages of people with symptoms, and a deep red indicates counties with 2.4 percent or more of people reporting COVID-19 symptoms.
Facebook founder and CEO Mark Zuckerberg said the map could help give officials a sense of where resources may need to be directed.
“Understanding how COVID-19 is spreading is critical for local governments and public health officials as they allocate scarce resources like ventilators and PPE, and eventually to decide when it is safe to start re-opening different places,” Zuckerberg said in a post unveiling the map. “Researchers believe these symptom survey maps can be an important tool in making these decisions.”
JUST STAY HOME: Facebook CEO Mark Zuckerberg on Monday told ABC’s George Stephanopoulos that protests of stay-at-home orders that violate state social distancing rules organized through his social media platform qualify as “harmful misinformation” and will be taken down.
“How do you deal with the fact that Facebook is now being used to organize a lot of these protests to defy social distancing guidelines in states?” the “Good Morning America” anchor asked Zuckerberg. “If somebody trying to organize something like that, does that qualify as harmful misinformation?”
“We do classify that as harmful misinformation and we take that down,” Zuckerberg said. “At the same time, it’s important that people can debate policies, so there’s a line on this, you know, more than normal political discourse. I think a lot of the stuff that people are saying that is false around a health emergency like this can be classified as harmful misinformation.”
A spokesperson for Facebook told The Hill that the events would only be taken down if they violate state laws, meaning that many protests against social distancing guidelines could continue to be organized on the platform unless they break the guidelines themselves.
For example, pages for demonstrations carried out in cars that seek to block traffic are allowed to stay up. According to NBC News, several such events remain on the platform.
“Unless government prohibits the event during this time, we allow it to be organized on Facebook,” the spokesperson said. “For this same reason, events that defy government’s guidance on social distancing aren’t allowed on Facebook.”
REPUBLICANS PUSH BACK AGAINST FACEBOOK: Donald Trump Jr. and Sen. Josh Hawley (R-Mo.), two frequent critics of Silicon Valley, hit Facebook on Monday for taking down the event pages of some demonstrations organized against coronavirus stay-at-home orders.
A spokesperson for the social media giant told to The Hill Monday that it removed pages for protests in California, New Jersey and Nebraska after confirming with state governments that they would break social-distancing rules.
“We reached out to state officials to understand the scope of their orders, not about removing specific protests on Facebook,” the spokesperson said. “We remove the posts when gatherings do not follow the health parameters established by the government and are therefore unlawful.”
There have in recent weeks been several protests against measures taken by states to limit the spread of COVID-19, the disease caused by the novel coronavirus.
Those protests have largely used Facebook as an organizing hub. Many of the events are still up on the platform, including ones that tell protesters to stay in their cars in order to maintain social distancing.
STATES IN NEED OF CYBER FUNDS: A coalition of major tech groups on Monday demanded that Congress send funds to state and local governments to defend against cyberattacks as part of the next coronavirus stimulus bill.
The Internet Association, BSA: The Software Alliance, CompTIA, the Cyber Threat Alliance, the Cybersecurity Coalition, the Global Cyber Alliance, the Alliance for Digital Innovation, and the Information Technology Industry Council sent a letter to House Speaker Nancy Pelosi (D-Calif.) and House Minority Leader Kevin McCarthy (R-Calif.) demanding that cybersecurity funds be made a priority in future congressional funding packages.
The technology groups represent companies including Microsoft, Amazon Web Services, Adobe, Verizon, McAfee, Palo Alto Networks and many other leading cybersecurity organizations.
“The rise in malicious cyberattacks targeting State and local entities, combined with the chronic lack of workforce, patchwork legacy systems, under-sourced cybersecurity and IT services, and uneven federal assistance creates a greater risk of system failures that interrupts services on which State and local populations depend,” the groups wrote.
The groups pointed to particular concerns around the uptick in ransomware attacks over the past year on state and local government groups, with hackers locking up systems and demanding payment.
These types of attacks have brought the governments of Baltimore, Atlanta, and New Orleans to their knees in the past two years, along with small governments, libraries, and school districts nationwide.
CYBERATTACKS ON THE RISE: Cyberattacks targeting COVID-19 relief checks shot up in recent weeks, while hackers in general continued using the ongoing pandemic to prey on individuals, research released Monday by software group Check Point found.
Check Point reported seeing an average of 14,000 coronavirus-related cyberattacks per day over the past week, six times the average daily attacks seen in the second half of March. This number jumped further to 20,000 attacks per day since April 7.
The vast majority of these attacks were through phishing emails, in which a hacker tries to tempt the individual targeted to click on a link or download an attachment in order to access their network. Around 3 percent of the attacks were through mobile devices.
One key aspect of these attacks has involved targeting COVID-19 relief checks currently being sent out to the public by the Treasury Department as part of the $2 trillion stimulus package signed into law by President Trump last month.
Over 4,000 new domains related to the stimulus checks have been created since January, many of which Check Point classified as “malicious.” The company warned that users who visit these websites risk having personal information stolen or being exposed to payment theft and fraud.
“Where there’s money, there will also be criminal activity,” Check Point noted in its report. “Hackers and threat actors want to cash in on the rush to get these vital payments and fill their own pockets at the expense of others.”
Lighter click: Something to take the edge off aha
An op-ed to chew on: How virtual Congress would fully transform the work of lawmakers
NOTABLE LINKS FROM AROUND THE WEB:
Two important stories on the people pushing for stay-at-home order protests:
–Pro-gun activists using Facebook groups to push anti-quarantine protests (Washington Post / Isaac Stanley-Becker and Tony Romm)
–Conservative activist family behind ‘grassroots’ anti-quarantine Facebook events (NBC News / Brandy Zadrozny and Ben Collins)
Zoom’s Security Woes Were No Secret to Business Partners Like Dropbox (New York Times / Natasha Singer and Nicole Perlroth)
Amazon-owned Whole Foods is quietly tracking its employees with a heat map tool that ranks which stores are most at risk of unionizing (Business Insider / Hayley Peterson)
Detroit hospital network says data breach affected more than 100,000 patient records (CyberScoop / Jeff Stone)
The Hill has removed its comment section, as there are many other forums for readers to participate in the conversation. We invite you to join the discussion on Facebook and Twitter.