The World Health Organization (WHO) recently published a detailed report on the effects of two threats that compounded the COVID-19 pandemic; both of which remain as ongoing issues:
- Cyberattacks on health infrastructure
- Disinformation campaigns
Given the importance of these issues for all practicing healthcare providers and public health officials, this month’s “Resources” section is focused on the Jan. 26, 2024, issue of the WHO’s Weekly Epidemiologic Report.
Cyberattacks on health infrastructure
Taking an organization’s digital system hostage and demanding a ransom for its restoration is something everyone has heard about; however, these attacks have been increasingly common among healthcare institutions. Further, cybercriminals are finding ways to make more money on such attacks:
- Extortion – demanding a ransom in exchange for restored access to the system (which doesn’t always actually happen).
- Double extortion – threatening to leak the data (in this case personal health information) if the ransom is not paid.
- Triple extortion – also demanding a ransom from the individual whose information has been compromised in exchange for not sharing the information.
Ransomware, the software that causes the breakdown in access, can be delivered by various means, including emails (phishing), text messaging (smishing), and voice calls (vishing). Other means of accessing systems occur through “backdoor vulnerabilities,” like accessing the system through an internet-connected desktop device or through “insider threats” delivered unintentionally through people with access to the system. These can take the form of infected USB sticks or accessing personal online storage, email or messaging software when connected to an organization-issued device.
This part of the article also discusses the situation related to COVID-19, including attacks on the biomedical supply chain, why healthcare is a target, the impact, and five parameters that should be considered when addressing the risk of cyberattacks.
Disinformation campaigns
This part of the issue started with a definition for disinformation, stating “The key difference between disinformation and misinformation is not the content of the falsehood but the knowledge and intention of the sender” (p. 38-39). This point is important for two reasons. First, it forces us to separate the content from the motives of the most recent spreader, meaning that the same message can be shared by someone seeking to cause harm or someone who simply believes it to be true and thinks they are helping others get the information. Second, as described by the authors, to be successful, we cannot just target misinformation because it “can lead to misguided interventions and proliferation of conspiracy theories” (p. 39).
Some characteristics of the most successful disinformation campaigns include becoming “entrenched” in the target audience, exploiting cognitive biases, presenting “an aura of credibility,” being engaging or sensational, and being easy to understand and share.
Successfully addressing disinformation requires understanding the creators’ objectives and placing them in context. For example, sometimes the goal is to diminish trust in another or to enhance one’s own credibility. In the case of public health-based topics, harm to the health of the public is not a consideration. Interestingly, the article points out that sometimes the disinformation campaign is outsourced to public relations or marketing firms, making it even more difficult to determine who is the source of the disinformation. One study cited in the report indicated that 15 disinformation campaigns on X (formerly Twitter) and Facebook in 2020 were associated with hired firms.
In relation to the COVID-19 pandemic, the article described why the situation was ripe for disinformation, shared three categories of disinformation and their relative timelines during the pandemic, and summarized studies looking at the public health impact of inaccurate COVID-19 information.
The article concluded with a discussion of the WHO’s strategies and approach to addressing this situation.
The World Health Organization (WHO) recently published a detailed report on the effects of two threats that compounded the COVID-19 pandemic; both of which remain as ongoing issues:
- Cyberattacks on health infrastructure
- Disinformation campaigns
Given the importance of these issues for all practicing healthcare providers and public health officials, this month’s “Resources” section is focused on the Jan. 26, 2024, issue of the WHO’s Weekly Epidemiologic Report.
Cyberattacks on health infrastructure
Taking an organization’s digital system hostage and demanding a ransom for its restoration is something everyone has heard about; however, these attacks have been increasingly common among healthcare institutions. Further, cybercriminals are finding ways to make more money on such attacks:
- Extortion – demanding a ransom in exchange for restored access to the system (which doesn’t always actually happen).
- Double extortion – threatening to leak the data (in this case personal health information) if the ransom is not paid.
- Triple extortion – also demanding a ransom from the individual whose information has been compromised in exchange for not sharing the information.
Ransomware, the software that causes the breakdown in access, can be delivered by various means, including emails (phishing), text messaging (smishing), and voice calls (vishing). Other means of accessing systems occur through “backdoor vulnerabilities,” like accessing the system through an internet-connected desktop device or through “insider threats” delivered unintentionally through people with access to the system. These can take the form of infected USB sticks or accessing personal online storage, email or messaging software when connected to an organization-issued device.
This part of the article also discusses the situation related to COVID-19, including attacks on the biomedical supply chain, why healthcare is a target, the impact, and five parameters that should be considered when addressing the risk of cyberattacks.
Disinformation campaigns
This part of the issue started with a definition for disinformation, stating “The key difference between disinformation and misinformation is not the content of the falsehood but the knowledge and intention of the sender” (p. 38-39). This point is important for two reasons. First, it forces us to separate the content from the motives of the most recent spreader, meaning that the same message can be shared by someone seeking to cause harm or someone who simply believes it to be true and thinks they are helping others get the information. Second, as described by the authors, to be successful, we cannot just target misinformation because it “can lead to misguided interventions and proliferation of conspiracy theories” (p. 39).
Some characteristics of the most successful disinformation campaigns include becoming “entrenched” in the target audience, exploiting cognitive biases, presenting “an aura of credibility,” being engaging or sensational, and being easy to understand and share.
Successfully addressing disinformation requires understanding the creators’ objectives and placing them in context. For example, sometimes the goal is to diminish trust in another or to enhance one’s own credibility. In the case of public health-based topics, harm to the health of the public is not a consideration. Interestingly, the article points out that sometimes the disinformation campaign is outsourced to public relations or marketing firms, making it even more difficult to determine who is the source of the disinformation. One study cited in the report indicated that 15 disinformation campaigns on X (formerly Twitter) and Facebook in 2020 were associated with hired firms.
In relation to the COVID-19 pandemic, the article described why the situation was ripe for disinformation, shared three categories of disinformation and their relative timelines during the pandemic, and summarized studies looking at the public health impact of inaccurate COVID-19 information.
The article concluded with a discussion of the WHO’s strategies and approach to addressing this situation.