In recent months, global healthcare systems have been stretched to the breaking point amid efforts to respond to the rapidly spreading COVID-19 disease. People around the world have experienced shared concern and pain, and have been eager to receive as much information as possible, as soon as possible, throughout the crisis. In response, healthcare professionals have had to, seemingly overnight, find new ways to support patient needs—often through remote care— to provide treatment and contain the spread of COVID-19. Meanwhile, supply chains and entire industries have been crippled, and the international pressure to understand the disease and find a vaccine or potential cure—and quickly—has been mounting.
Technology has proven to be essential in addressing many of these challenges and the industry has rallied in these efforts in 2020. This includes the work of our own organisation, Microsoft, which has stepped-up in accordance with our mission to “empower every person and every organization on the planet to achieve more.” Our efforts have ned from seemingly simple solutions, such as adopting Microsoft Teams to enable remote consultation services, to supporting cutting-edge research through initiatives like AI for Health. In addition, AI and machine learning have been utilised in the Microsoft Healthcare bot service, which provides autonomous responses to health inquiries, freeing up healthcare workers to address other patient needs. The service has already been used to serve over 31 million individuals across 23 countries. Similarly, Taipei’s Yonghe Cardinal Tien Hospital has installed a “2-in-1” detection device that leverages Microsoft technology and camera equipment to continuously scan patients as they enter the lobby, automatically measuring body temperatures and determining if individuals are wearing masks.
In fact, many of the most helpful technology solutions during the pandemic have focused on freeing up medical staff to do more by improving operational efficiencies and pivoting toward better experiences, better insights and better care. Ultimately, this helps address the most pressing challenge the healthcare industry faces today—limited time and resources.
However, as if they did not have enough to cope with, workers on the frontlines of the pandemic are also facing increased threats online. Malicious actors have always been quick to spot opportunities for personal gain during crises, throwing ethical considerations out the window, and this time is no different. Our teams at Microsoft have detected and responded to increased cyberattacks targeting the global healthcare sector, coming from both cybercriminals and nation-states. Some of these attacks have resulted in delays in COVID-19 testing and treatment, while others have held up vaccine research or blocked access to critical information.
To help shore up cyber defences, Microsoft has published specific guidance on how to protect yourself from COVID-19 themed cyberattacks (here and here), including turning on multi-factor authentication and learning how to recognise phishing emails. We have also made our AccountGuard threat notification service available at no cost to healthcare providers. Through the AccountGuard programme, we monitor nation-state threat actors targeting enterprise mailboxes and the personal email accounts of employees or volunteers who opt in. When we see such activity, we notify affected entities immediately so they can take steps to stop attacks.
Microsoft also partnered, alongside others in the industry, with the CyberPeace Institute in their Cyber4Healthcare effort, an initiative that aims to provide free, personalised and trusted cybersecurity assistance to healthcare organisations fighting COVID-19. One company clearly cannot solve this problem alone, but by bringing together the cybersecurity expert community and matching their skills to the needs of this critical sector at this pivotal moment, especially in emerging economies, there is the potential to make a real difference.
Finally, we have also worked to take the fight to the criminals. In July, Microsoft filed a civil case against cybercriminals who had been exploiting the pandemic to defraud individuals in 62 countries around the world. And rather than exclusively shoring-up our own defenses, the modus operandi of cybersecurity professionals, we disrupted the attacks at their source, blocking attacker activity by seizing control of key domains in their infrastructure so that they can no longer execute cyberattacks.
Addressing such threats is beyond the capacities of any one company. In fact, the industry alone cannot ensure that online attacks against healthcare are no longer a threat. Solutions to these problems require more than improved cyber defenses, though there remains much to do in that regard. We must work together, across industry, civil society and government to hold perpetrators accountable for their actions and to ensure that at least some cyberattacks are deemed out-of-bounds, much as they are in the kinetic world.
In that spirit, nearly 50 former and current global leaders, including Microsoft president Brad Smith, signed a letter to governments calling on them to stop all cyberattacks against hospitals, healthcare and medical research facilities, as well as against medical personnel and international public health organisations. Signatories further demanded that governments assert, unequivocally, that cyber operations against healthcare facilities are unlawful and unacceptable. The breadth and diversity of the signatories—which included Nobel Peace Prize laureates, such as former Soviet Union President Mikhail Gorbachev; leading humanitarians, such as International Committee of the Red Cross chief Peter Maurer; and innovative technologists, such as Eva Chen, the chief executive officer of Trend Micro—underscored the level and cross-cutting nature of the concerns associated with the devasting attacks against healthcare facilities.
In recent weeks, another unlikely global coalition has stepped forward, similarly calling for action. Over 100 international lawyers worked together on a statement emphasising the need for healthcare workers to be able to do their jobs safe from state-sponsored cyberattacks, at all times, but especially in this challenging period. They offered a shared interpretation of the protections offered by international law, for healthcare facilities, as well as for vaccine research. The statement expressed hope that governments will consider these expert conclusions when developing their own national positions, as well as in ongoing multilateral discussions on expectations in cyberspace.
So far, however, despite widespread support for such proposals in the broader community, there has been no apparent appetite in multilateral discussions for any such limits on state activity online. What hope can there then be for more ambitious efforts, like the call from UN Under-Secretary-General Fabrizio Hochschild for a “digital ceasefire” during the pandemic? Mr. Hochschild’s question from that announcement, now several months ago, continues to resonate. If these proposals are not entertained, if these warnings not heeded, “how can we ask our health care workers, diagnostic and treatment facilities, researchers, and hospitals — those bound by the selflessness of duty and banded together against a common, hidden enemy — to continue containing the crisis while questioning whether vital equipment may be affected or shut down by a digital attack?”
The time to act is yesterday.
The views expressed above belong to the author(s). ORF research and analyses now available on Telegram! Click here to access our curated content — blogs, longforms and interviews.