While the global healthcare sector focuses its attention on fighting the Covid-19 Pandemic, cyber criminals have been quick to take advantage with attacks having risen over 300% since the pandemic began. From the U.S. Department of Health and Human Services reporting an attempted DDoS attack, to the World Health Organization revealing that it has had double the cyber attack attempts on its systems, the vulnerabilities of the healthcare IT and cybersecurity systems have continued to be highly stressed.
What makes healthcare-related data so attractive?
The healthcare sector was already under attack much before Covid-19 took the world by storm. Public Health Records offer the most detailed individual data available anywhere – and for scammers looking to commit identity theft, credit card scams and other fraudulent activities, stealing medical records prove to be the most financially attractive means to do so.
Such data is in huge demand and is bought and sold at lucrative prices, unlike simple credit card and social security numbers which are worth as little as a few cents. Unlike organizations in other sectors, for hospitals, getting their compromised systems back up and running as quickly as possible can be a matter of life-and-death and it is because of this that they are more likely to pay what the attackers demand. Further, the healthcare industry is far behind in terms of digital literacy and cyber security. Many use outdated software and have insufficient regulations, making them easy targets.
Even in the routine functioning of a hospital, many of the devices are interconnected via the Internet of Medical Things (IoMT), opening them up to vulnerabilities and giving fraudsters plenty of opportunities. Each connected device acts as another gateway through which an attacker can access and hack devices and networks. While hacking into internal communication systems is dangerous, imagine how dire the situation can get when devices such as surgical equipment and ventilators are tampered with.
How COVID exposes even more vulnerabilities
With employees working from home and accessing sensitive company information, possibly with unsecure internet connections, organizations don’t have much control over the unsecure networks or devices that employees use. The systems and data can be easily compromised, especially when personal data is accessed or unsecure websites are accessed. To add to this, health systems are understaffed in terms of IT and Cybersecurity Professionals.
Before Covid-19, tele-activities in healthcare were not common. But today, teleworking, teleconferencing, tele-governance and telehealth have become a vital need. There has been very little time to digitize healthcare to that extent and with haphazard systems put together in a short span of time, windows of opportunities have opened up for cyber criminals.
Cyber security in healthcare in the past was overlooked as it didn’t score high in essential services to the healthcare industry. But now, healthcare organizations need to ensure that vendors and services providers have these controls in place, and they need to do it in a very short span of time.
At SureShield, we can help – we provide technology that allows your organization to mitigate the risks related to your cybersecurity before they’ve even begun, while always keeping you in compliance with critical regulations. For a healthcare organization to ensure resilience and continuity of their essential services, there is a need to focus on securing their digital assets with a multi-pronged approach to managing risks over the short and long term