The State of Healthcare Cybersecurity During Covid-19

The pandemic has been the ultimate teacher in crisis management, forcing the industry to adjust to rapid change. Healthcare has been under pressure like never before to perform while also prioritizing cybersecurity in a time of constant flux. While the dust has settled slightly, more uncertainty and change is coming around the corner, from potential spikes in cases, to HIPAA policy changes. Experts recommend getting ahead of the curve and taking another look at security procedures and implementation.

Re-evaluate Telehealth Security Risks at the Dust Settles

Faced with no other options, Covid-19 forced healthcare organizations to think differently about how they operate and forced them to chart unknown territory quickly. This quick response meant that organizations weren’t left with much time to vet new software vendors thoroughly. Additionally, new relaxed policies allowed for more discretion to keep the industry moving.  

In particular, telehealth saw a massive increase in adoption, and organizations quickly implemented services to slow the spread of the virus. Lee Kim, Director of Privacy and Security at the Healthcare Information and Management Systems Society (HIMSS) North America, warns that while a lot of telehealth software is secure and robust in nature, IT leaders must make sure that your systems can withstand significant traffic and that your servers can keep up. No one knows what the fall will bring – spend the time now to vet your software suppliers. Smart organizations will also spend the next few weeks preparing their applications and online networks to scale. That means also re-vetting your software vendors to make sure they meet stringent security standards. 

The Focus on Remote Networks and End Point 

Hospitals and the healthcare industry implemented work from home (WFH) for the first time, and securing remote networks and endpoints became IT’s primary focus. Hospital workers were stressed, anxious, and new to working from home. Coupled with the near-constant change in policy and outside consultation from government agencies, WFH hospital workers became an easy target to exploit and new phishing campaigns were deployed. Lee Kim says, “IT security teams are dealing with the challenge of employees not used to working remotely, and some who are not too technically savvy…they might not necessarily pick up on something that looks suspicious.” She adds, “they [hospital workers] might also have so much more to do…normal procedures have to be revamped… it’s a different working reality.”

This new working reality means that IT teams have to think differently about keeping their end-points secure. Scott Augenbaum, Retired FBI Cybercrime Supervisor and Author of The Secret to CyberSecurity, recommends organizations “think holistically about how to engender a culture of security first that can be constantly reinforced. Education is your first line of defense.” 

Thankfully, cybersecurity software has improved its phishing detection capabilities and can cross-reference across other accounts, making your organizations less susceptible. 

Be on the Lookout for More Aggressive Ransomware

Just this year UCSF Medical school had to pay $1.14M in ransom to hackers who stole their data and left servers inaccessible. They weren’t the only high-profile organizations to be affected.  The Department of Health and Human Services in the US and the London research lab Hammersmith Medicines Research also suffered attacks.

HIMSS is warning that healthcare should prepare their systems for more aggressive and covert ransomware attacks this fall. These attacks can stay low for some time, weaving into hospital systems and critical software applications, all the while quietly gathering data and taking advantage of weaknesses. They wait until the most opportune time to strike and cause chaos.

Interested in improving your team’s cybersecurity presence? Visit CyberMaxx.com to learn more.