
Litigation News | 2021

Cybersecurity Trends During a Health Crisis

Christina M. Jordan

Summary

  • The current COVID-19 pandemic provides fertile hunting grounds for cybercriminals targeting computer users.
  • Fear of the unknown provides opportunities for cybercriminals to target computer users.
  • The pandemic has shaped cybersecurity trends and issues and what might be in store for the future of cybersecurity.

Fear of the unknown provides opportunities for cybercriminals to target computer users, and the current COVID-19 pandemic provides fertile hunting grounds. The ABA Section of Litigation held a panel addressing these issues, “Cybersecurity Trends and the Impact of COVID-19,” at the Virtual Section Annual Conference in May. The panel moderator, Danielle M. Panetta, Boston, MA, and panelists Jay Doyle, Washington, DC, and Grace C. Wen, New York, NY, discussed how the pandemic has shaped cybersecurity trends and issues and what might be in store for the future of cybersecurity.

Exploiting Current Events to Gain Access to Information

This is not the first time cybercriminals have used a health crisis to gain unlawful access to computers, intellectual property, bank account information, usernames, passwords, and other personal data—nor will it be the last. “Criminals often exploit current events to socially engineer victims through tailored delivery of event-relevant emails that entice victims to click on links or provide credentials,” states Doyle. There has been over a 200-fold increase in phishing emails since the start of the COVID-19 crisis, Doyle adds.

“Phishing emails prey on people who are looking for information, who are vulnerable financially,” Doyle continues. “Websites and emails look like they are from credible sources, Johns Hopkins, CDC, WHO, bank, IT department,” observes Doyle, but they are hoaxes designed to collect personal information. Stimulus payments anticipated under the Coronavirus Aid, Relief, and Economic Security (CARES) Act provide targeted subject matter for scammers. For example, the Treasury Inspector General Tax Administration Office of Investigations anticipates that “criminals will engage in various scams and schemes in attempts to intercept [Economic Impact Payments] and/or steal sensitive taxpayer information during these challenging times.”

Tools for Avoiding Scams and Strengthening Cybersecurity

Practical tips for avoiding scams and safeguarding personal information include “going to websites yourself instead of clicking on embedded links in emails, calling sources directly instead of using numbers provided in emails,” advises Doyle. “The government will not reach out and ask for personal information,” he points out.

Companies can also take proactive measures for safeguarding sensitive and confidential information and avoiding data breaches. Almost half of all data breaches are caused by phishing emails or other scams. Steps for mitigating data breaches include “identifying vulnerabilities; implementing a security awareness training program and policy; identifying key stakeholders; multifactored authentication; using virtual private networks; and implementing a software restriction policy,” according to Doyle.

Impact of Biometric Data on Health Crisis: Contactless vs. Contact-Only

“With the COVID-19 pandemic, biometric data has become an important factor in monitoring the spread of the virus and supporting reopening governments,” asserts Wen. Biometric data measures characteristics of a person’s body and is classified into two categories: physiological biometrics and behavioral biometrics. Physiological biometrics include retinal scans, fingerprints, and facial geometry. Behavioral biometrics include movement patterns, heartbeat, temperature, and sleep.

In the current health crisis, biometric data is recognized as a valuable tool for monitoring the spread of the virus. “As countries are racing to reopen their governments, they are looking to biometric data to develop modern data surveillance and analytics systems, for example temperature measurement and facial recognition,” observes Wen. “Smart thermometers paired with mobile devices could help prevent the spread of virus by predicting and detecting fever clusters,” notes Wen. Location and GPS data from smartphones can assist with contact tracing and help create heat maps of where the disease is spreading. “Contact-only sensing technologies that rely on a fingerprint and hand scans pose a great hygienic risk and severely limit infectious control protocols,” whereas “biometric data can provide contact-less identification,” she adds.

Biometric Data Privacy

While biometric data can be beneficial for daily life, it can also be misused for identity theft or other impermissible purposes. Increased use of medical devices during the current health crisis may result in increased cybersecurity risks. Entities that had not previously been collecting biometric data may not have policies in place for collecting, processing, and retaining biometric data. Establishing a data privacy policy would help avoid cybersecurity risks associated with the misuse of biometric data.

There is currently “no federal law yet [for protecting biometric data], but a bill [Ethical Use of Facial Recognition Act] has been introduced to limit use of facial recognition technology,” states Wen. The findings delineated in the proposed bill highlight the following issues regarding facial recognition technology:

  • “Facial recognition has been shown to disproportionately impact communities of color, activists, immigrants, and other groups that are often already unjustly targeted.”
  • “Facial recognition has a history of being inaccurate, particularly for women, young people, African Americans, and other ethnic groups.”
  • “It is critical that facial recognition not be used to suppress First Amendment–related activities, violate privacy, or otherwise adversely impact individuals’ civil rights and civil liberties.”

Additionally, the National Institute of Standards and Technology, a federal agency within the Department of Commerce, released the results of a 2019 study on facial recognition technology, finding that the majority of facial recognition algorithms have demographic differences resulting in a potential negative impact on accuracy based on a person’s age, gender, or race. Entities collecting biometric data may be subject to substantial guesswork in trying to create and implement biometric data privacy policies to protect biometric data and to protect civil rights and civil liberties.

Resources