The Novel Coronavirus pandemic that has left most countries battling to safeguard individuals has seen tireless efforts from healthcare professionals. Not only are our healthcare systems overloaded but there is also a drastic slip in global economy and instability in the socio-political scenario worldwide.
This has also opened opportunities for malicious intent users to make healthcare facilities an epicenter for cyberattacks. Office of Inspector General (OIG), Cybersecurity and Infrastructure Security Agency (CISA), and World Health Organization (WHO), issued a warning about increased hacker activity during the coronavirus pandemic and has included the various kinds of attacks that scammers and hackers are employing. It also includes details on how an individual can report a scam.
As COVID-19 continues to disrupt our economic, health, political and social system, there are unforeseen cyber risks that have emerged in the digital space. This pandemic has increased our dependency on several digital tools to maintain business continuity. Hackers are employing newer ways to access systems, especially targeting the healthcare ecosystem.
Increased Cyber Threats in the Time of Coronavirus
Over 150 countries across the globe have reported Coronavirus cases. The increasing number of cases has put a lot of stress on the healthcare sector in every region. It’s estimated that healthcare systems have seen approximately 150% increase in cyberattacks.
Brno University Hospital in the Czech Republic, on March 13th became a victim to one such cyberattack. As a result of this, the hospital had to shut down its network. This being the biggest COVID-19 testing facility in the Czech Republic, the impact of sudden shutdown has caused major disruption in the healthcare facilities.
Clinical research material related to COVID-19 has seen high importance in times of this pandemic. Hackers try to steal such confidential information which becomes highly priced in the dark web. Not just medical care centers but also a lot of medical research facilities are vulnerable for such attacks. Recently, the U.S. Department of Health and Human Services has also reported incidents of cyberattacks.
Tech and Video Conferencing Companies
Coronavirus themed malware has been recently reported by cyber security experts. The FBI has also sent alerts about supply chain attacks. Few medical facilities such as Illinois Public Health District’s website have reported ransomware attacks. In an effort to curtail such malicious attempts, domain name registrar has suspended over 600 malicious Coronavirus websites. All these incidents are clearly a proof of how cybersecurity is at stake in times of responding to the pandemic.
Because of restrictions imposed by various governing bodies, several practitioners are moving towards telehealth. Telehealth organizations and tech companies have been yet another focus for targeted cyberattacks. Zoom, one of the largest video conferencing companies recently experienced some security fallouts that were recently communicated. Following these incidents, Zoom has added additional security measures to become more resilient to cyber-attacks.
Healthcare Supply Chains
In a time when there is a shortage of medical equipment (PPE), pharmaceuticals, and healthcare inventory across the globe, hackers find it easy to deploy supply chain attacks. There have been several emails doing rounds on the internet claiming to provide vaccines, COVID-19 drugs, face-masks, sanitizers, and other medical equipment. Cybercriminals are exploiting the fears pertaining to Coronavirus to steal information, and have made healthcare systems an epicenter for such cyber crimes.
For times like this, it is critical to know that you can trust the suppliers you are communicating with to provide resources during COVID-19. Our team has provided the VendorProof Marketplace to ensure that healthcare organizations have access to legitimate suppliers during this time and can easily contact them for PPE and other essentials.
Why are Healthcare Systems Targeted for COVID-19 Cyber-Attacks?
These cyber threats have been in various forms over the past 2-3 months since the outbreak of COVID-19. Healthcare facilities have always been the target for cyber criminals, however now they have become more vulnerable. The most commonly reported scams include phishing emails, malicious coronavirus websites, social engineering attacks, data breach, denial of service attack (DDoS), and ransomware attacks.
Even though hackers can target any business or individual, given the current circumstances healthcare systems have become easy targets for hackers. Healthcare organizations contain and protect many forms of critical and confidential information including patient medical history. It’s impossible for healthcare systems to work seamlessly without this information in place. Given the urgency and critical nature of responding to COVID-19, cyber attackers are taking advantage of weaknesses in security and operational bandwidth at this time.
Most cyber criminals are aware about how the global healthcare professionals have been working to a breaking point. Hackers work on this weak link and are trying to exploit IT infrastructure relevant to healthcare organizations.
Precautions to Increase Security Against COVID-19 Cyber-Attacks
With so many examples of cyber attacks being reported, we cannot ignore the risks to healthcare organizations during COVID-19. These issues need to be addressed and fixed, else the repercussions of such attacks can be very expensive and dangerous given the criticality of the Coronavirus pandemic and personal information at risk.
Fortunately, such cyber risks are being acknowledged and businesses and government agencies are becoming more vigilant. Here are some suggestions for how to be responsible to combat cyber security threats and protect personal information and healthcare data during COVID-19.
Best Practices to Address Cyber Security Threats During COVID-19
- Continuously monitor all healthcare infrastructure and perform system hardening. Report any suspicious activity to concerned cyber security experts and government agencies.
- At all times use anti-malware, anti-virus software.
- Grant role-based access to clinical records and apply password policies across systems.
- Place critical systems in isolation and encourage the use of VPN to access medical information.
- Ensure you have a business continuity plan and backup healthcare records in a secure network.
- Regularly apply security patches to the system.
- Operational processing data should be secured using multi factor authentication.
- Report suspicious emails and do not click on unknown email links
- Most importantly, do not give away any private or confidential information. For better visibility, classify documents as public, internal, private or confidential.
ProviderTrust Data Security
At ProviderTrust, our team takes security seriously and routinely tests our environment to make sure that we are aware of risks and able to address concerns with our team. We recognize the nature of privacy and safety standards that need to be put in place to protect our customer, employee, and company information. We are proud to be held to the highest standards of excellence from multiple accreditors including NCQA and AICPA SOC.
During the response time to COVID-19 and each day, our team is committed to keep healthcare data and patients safe.