Healthcare Cybersecurity Attacks on the Rise During COVID-19 Outbreak
Shortages of staff and personal protective equipment (PPE) during the COVID-19 pandemic have left healthcare facilities and healthcare workers are vulnerable to illness. There is an additional threat to healthcare facilities that may be overlooked: cybersecurity.
Intelligence agencies and security firms have been raising the alarm that cyberattacks are on the rise during this time.
Why Threats are on the Rise
One reason for the increase in cyberattacks is the amount of people working from home, experts say. This could result in insecure access, unmanaged devices and shadow information technology (IT).
Microsoft is warning hospitals to be on the lookout for sophisticated ransomware attacks that could be targeted through VPNs or other network devices.
Even the World Health Organization (WHO) is not immune. The organization has seen attempted cyberattacks double since the COVID-19 outbreak. One attempted attack spoofed a login page for WHO employees in an attempt to steal passwords.
Data Protection Strategies
Maintain software updates: This may sound simple, but a first step you can take toward protecting your facility is enabling updates on all computers and devices used for anything work-related. Be sure to execute necessary security patches along the way as well.
Establish and anti-phishing strategy: Train employees on how to recognize malicious emails, websites or links. You can also use email systems with integrated anti-phishing solutions. Be aware that phishing emails are created to look more and more like they’re from reputable organizations, especially during the outbreak.
Use two-factor authentication: Use two-factor authentication where appropriate and use different passwords for different systems. You may also want to consider deploying antivirus software and ransomware protection.
Be aware of virtual appointments: While virtual appointments have helped slow the spread of COVID-19, conducting them on personal computers through third-party conferencing apps can pose a security risk. The National Institute of Standards and Technology published guidelines on protecting these virtual appointments from eavesdroppers.
In addition to the above recommendations, the American Hospital Association and the American Medical Association have created cybersecurity guidance for hospitals. The organizations recommend purging any unnecessary patient information from medical devices.