Since the start of the COVID-19 pandemic, WHO has seen a dramatic increase in the number of cyberattacks directed at its staff and email scams targeting the public.
Some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel coronavirus response.
The leaked credentials did not put WHO systems at risk because the data was not recent. However, the attack did impact an older extranet system used by current and retired staff as well as partners.
WHO is now migrating affected systems to a more secure authentication system.
Scammers impersonating WHO in emails have also increasingly targeted the general public in order to channel donations to a fictitious fund and not the authentic COVID-19 Solidary Response Fund. The number of cyberattacks is now more than five times the number directed at the organisation in the same period last year.
“Ensuring the security of health information for member states and the privacy of users interacting with us is a priority for WHO at all times, but also particularly during the COVID-19 pandemic. We are grateful for the alerts we receive from member states and the private sector. We are all in this fight together,” said Bernardo Mariano, WHO’s Chief Information Officer.
WHO is working with the private sector to establish more robust internal systems and to strengthen security measures and is educating staff on cybersecurity risks.
WHO asks the public to remain vigilant against fraudulent emails and recommends the use of reliable sources to obtain factual information about COVID-19 and other health issues.