Good Cyber Story
Target Groups: Citizens, Society
Dominant Genes: Societal Awareness, Partnerships, Multi-Stakeholder Participation
DNA sequence Info

Cyber 4 HealthCare & SDCDC-19

Gcs health

The challenge

Gcs health 2

As the use of and dependence on digital services increased throughout the global pandemic, cybercrime has surged, threatening users and critical healthcare services alike. COVID-related scams and disinformation have undermined people’s trust in modern medicine, while Cyber-attacks against the healthcare sector have directly affected medical professionals as well as patients, depriving them of urgent care, and putting lives at risk.

At a time when the hospitals have been overburdened with patients, the sector has been targeted and particularly vulnerable to ransomware attacks due to legacy systems, lack of security awareness, and constrained IT budgets. As highlighted by a recent report from the CyberPeace institute, the lack of evidence of such attacks has also increased the accountability gap. At the same time the pandemic has also been exploited by malicious cyber actors targeting small and medium enterprises (SMEs) with COVID-19 related scams and phishing emails, including essential services like healthcare organizations. Deloitte’s Cyber Intelligence Centre also reported a spike in phishing attacks, Malspams and ransomware attacks with attackers using COVID-19 as bait. COVID-19 themed attacks have included relief packages scams and impersonation of trusted organizations, resulting in theft of confidential information and money from victims. In the context of a global health crisis and the compounding effects of cybercrime, there is a clear need for increased awareness and international cooperation on combating such harms.

A response

In response to these challenges, two initiatives, Cyber 4 Healthcare and The Safe Digital Community During COVID-19 (SDCDC-19) have been launched during the pandemic to contribute towards a safer cyberspace.

In 2020, the CyberPeace Institute launched Cyber 4 Healthcare, a healthcare-cybersecurity matchmaking service available to any healthcare organisation fighting COVID-19 with limited means. Through the programme, organisations receive free, trusted cybersecurity assistance such as audits, pentests, phishing simulations and more, from qualified and reputable companies like Microsoft, Rapid7 or Bi-Zone. Potential beneficiaries can contact Cyber 4 Healthcare, who can process requests until a match is found. Beneficiaries can range from NGOs like UnitedWayMumbai and Lakshyam in India that provide relief to families impacted by COVID19, to healthcare professionals like OneHealth.NG - an online pharmacy in Lagos, Nigeria, all the way to organizations active in COVID diagnosis solutions, blood banks and elderly support.

Meanwhile, to counter COVID-19 related scams disinformation, the The Foreign, Commonwealth & Development Office (FCDO) and the Nigerian NGO, the CyberSafe Foundation launched The Safe Digital Community During COVID-19 (SDCDC-19). As part of the UK Government's flagship digital for development programme (the Digital Access Programme), the SDCDC-19 is a rapid-response project providing a cyber security training programme for Small and Medium Enterprises, as well as a public information campaign using radio, video and social media. The project is designed to equip SMEs with the knowledge and skills required to identify, protect, detect, defend, and respond to cyber threats, while enabling a safe digital community in Nigeria.

The Impact

Both initiatives have contributed to raising awareness and strengthening the safety and security of citizens in the health crisis, and are the direct result of meaningful cooperation among the global community.

Cyber 4 Healthcare has materially improved the cybersecurity posture of beneficiaries, while pentests on their websites have helped prevent the leak of sensitive information. Over 100 requests for assistance have been received so far, and at the moment, the partners of Cyber 4 Healthcare are actively supporting 5 organisations on 3 continents, helping them respond to a variety of security issues. The seeds planted during those interactions are growing and pushing champions in each of the project’s beneficiaries to talk about cybersecurity with their colleagues at other NGOs, creating a network of interest on the topic which can spur increased investment in a ‘local first’ approach to healthcare-cybersecurity solutions. The accountability framework proposed by Cyber 4 Healthcare has also furthered the conversation in compliance circles on better norms and the need for their enforcement and implementation.

Meanwhile, the training programme launched by SDCDC-19 has reached 1504 small and medium enterprises from 35 states, of which 40% have been female-owned. In total, the trainings reached 3057 individuals, and in a post intervention survey 83% reported understanding prevalent cyber-attack methods and preventative measures while 76% implemented one or more security controls in their SME. In comparison, before training 57% participants were not able to identify a phishing attack. The mass cyber hygiene awareness campaign has thus far been deployed over 32 radio stations and social media channels while the radio dramas have reached an estimated 5.8m people. The Committee of Chief Information Security Officers of Nigerian Financial Institutions has also requested to adopt the radio jingles for roll-out in bank branches. After the initial 3-month cycle of the project, funding was extended to double the number of SMEs trained and increase the reach of the public information campaign.
Gc shealth4

Project DNA

Which aspects of this project have contributed to its success? And which, according to the implementing organisations, might play an important role in launching similar initiatives in other parts of the world? The project DNA profiling on the basis of the Good Cyber Stories framework highlighted the importance of three success genes in particular:

A - Societal Awareness

Societal Awareness

P - Partnerships


M - Multi-Stakeholder Participation

Multi-stakeholder Participation

Cyber 4 HealthCare & SDCDC-19

Project DNA

Multi-Stakeholder Participation
Local Ownership
Organisational Capacity
Transparency and Accountability
Legal and Institutional Framework
Political Importance
Societal Awareness

Join the EU Cyber Direct Network

Subscribe to the EU Cyber Direct newsletter and receive updates on our latest research, news, and events