Since the beginning of the coronavirus outbreak, the World Health Organization (WHO) has observed a “dramatic” increase in the number of cyberattacks directed at its staff as well as email scams targeting the public.
According to the organization, around 450 active WHO email addresses and passwords were recently leaked online alongside the credentials of thousands of others working on the coronavirus response.
However, the leaked credentials have not put its systems at risk because the data was not recent though the attack did impact an older extranet system which is currently used by both its active and retired staff as well as its partners.
The WHO has begun the process of migrating its affected systems to a more secure authentication system to prevent falling victim to future attacks.
Increased cyberattacks and scams
In addition to cyberattacks against the WHO itself which are five times higher than during the same period last year, cybercriminals have also begun to impersonate the organization in scam emails in an effort to channel donations to a fake version of the Covid-19 Solidarity Response Fund.
In a press release, chief information officer at the WHO, Bernardo Mariano expressed his gratitude to the member states and private businesses that have alerted the organization to these cyberattacks and scams, saying:
“Ensuring the security of health information for Member States and the privacy of users interacting with us a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from Member States and the private sector. We are all in this fight together.”
The WHO is also working with the private sector to improve the security of its internal systems and to educate its staff on cybersecurity risks.