Healthcare under stress

Most people may see the COVID-19 pandemic as a medical battle, but it is also very much a cyber-battle.

Connected devices and innovative information sharing systems bring huge benefits for healthcare professionals and patients. From improving patient care and the speed of crisis response to organizational efficiency and much more. The emergence of telemedicine, digital health records, and wellness apps have made healthcare services more accessible and convenient. While these technologies are extremely helpful, they also expose the industry to vulnerabilities that cybercriminals attempt to exploit.

In the third week of National Cybersecurity Awareness Month, CISA and the National Cybersecurity Alliance (NCSA) urges everyone to explore the implications of using connected devices in healthcare. More importantly, the steps healthcare organizations can take to #BeCyberSmart.

Hospitals are at the top of the list of industries most vulnerable to cyberattacks. (Moody’s Investors Service)

The healthcare industry has always been a target for cyberattackers, if you keep up with security news at all, you know that following trends is good for cybercriminal business. As the COVID-19 pandemic persists, attackers are pulling every trick out of the bag. They even came up with some new ones to disrupt the healthcare industry specifically. You name it, we saw it, from fake COVID-19 maps and fraudulent welfare offers to scammers posing as delivery service employees, as well as lies about Facebook’s small business grant.

Unfortunately, cyberattackers do not see the healthcare industry as a neutralized zone. Thus, the news cycle includes seemingly constant updates about healthcare institutions falling victim to cyberattacks.

Recently, we saw the fatal effects of such activities, when a woman died as a result of a ransomware attack taking down a hospital’s servers.

A study from 2019 revealed much to improve in the healthcare industry’s cybersecurity regulations, policy awareness, and training. Even as healthcare professionals are relying more on connected devices to offer better patient care, only 32% of North American healthcare workers said they are aware of their organization’s cybersecurity policy.

Healthcare providers in the US and Canada are lawfully bound to protect sensitive patient healthcare information (PHI), yet an alarming number of healthcare employees say they do not understand the PHI laws that protect patient confidentiality. The study also revealed only 29% of healthcare employees were able to correctly identify the meaning of the Healthcare Insurance Portability and Accountability Act (HIPAA) Security Rule.

Providing top-quality care is always a priority for healthcare professionals, and that includes maintaining the safety of patients’ health information. It is key that healthcare IT leaders stay in-the-know about the cyber threats that could target their organizations. A skilled IT security team who understands your organization’s security needs and the proper security tools are essential to keep your networks safe and secure. Next, implement ongoing cybersecurity training for employees. The State of Cybersecurity in Healthcare – part 2 report revealed a severe lack of security training for healthcare employees, leaving organizations vulnerable to cyberattacks due to human error.