After recently directly notifying a number of hospitals about vulnerable gateway and VPN appliances in their infrastructure, Microsoft has decided to offer its AccountGuard threat notification service for free for healthcare and worldwide human rights and humanitarian organizations.
“AccountGuard is available to organizations using Office 365 for business email and extends additional security to the personal accounts of their front line workers who use Microsoft’s consumer email services such as Outlook.com and Hotmail,” Tom Burt, Microsoft’s Corporate VP on Customer Security & Trust, explained.
“Both AccountGuard for Healthcare and AccountGuard for Human Rights Organizations will initially be available to organizations in the 29 countries where we already offer AccountGuard, subject to review of local laws and regulations, and we will be adding new countries based on need and local law.”
Microsoft AccountGuard and the new offer for healthcare
Launched in 2018 and previously available to only to political campaigns, parties, members of the U.S. Congress and democracy-focused non-profits, the Account Guard service warns the owners of enrolled accounts about ongoing attacks by nation-state hackers.
“Healthcare organizations can sign up here, and human rights and humanitarian organizations can sign up here,” Burt noted. AccountGuard for Healthcare will be available until the COVID-19 pandemic subsides.
The threat notification service is now available for free to: hospitals and care facilities, clinics, labs, and clinicians that provide frontline care to patients; pharmaceutical, life sciences, and medical devices companies that research, develop, and manufacture COVID-related treatments drugs; non-governmental organizations (NGOs), and international non-governmental organizations (INGOs) involved in the response to the COVID-19 pandemic; select individuals (with Outlook.com and Hotmail.com personal emails) invited to participate by an eligible organization.
Participation in AccountGuard for Human Rights Organizations is offered by invitation only.
“Leading human rights and humanitarian organizations including Amnesty International, CyberPeace Institute, Freedom House, Human Rights Watch and Physicians for Human Rights have already registered for our AccountGuard threat notification service through an initial pilot,” Burt added.
Most attacks start with phishing emails
Most of the attacks aimed at healthcare organizations during the COVID-19 pandemic (including the WHO) have started with malicious emails.
“An attacker will often disguise malicious content as a message from a health authority or medical equipment provider. These emails sent to work or home inboxes seek to obtain the person’s credentials and often contain documents or links that will infect a computer and spread the infection through a network, enabling attackers to control it,” he explained.
Attackers targeting healthcare organizations are after COVID-19-related intelligence and/or are looking to disrupt the provision of desperately needed care or supplies. Those probing human rights or humanitarian organizations are after intelligence on these organizations and the people who these groups protect, or want to disrupt their work.