Contact Us      General Enquiries: +44 (0) 1273 834 000   Support / Service Desk: +44 (0) 113 360 9696

PAV IT

  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance
CONTACT SALESsupport
  • Home
  • Our latest Blogs
  • Blog
  • The Impact of COVID-19 on Healthcare Cybersecurity
May 28, 2022

The Impact of COVID-19 on Healthcare Cybersecurity

Friday, 16 October 2020 / Published in Blog, Sophos

The Impact of COVID-19 on Healthcare Cybersecurity

blog_sophos
By Puja Mahendru

COVID-19 has phenomenally altered the way healthcare functions, with growing adoption of telehealth and remote patient monitoring. The threat landscape in healthcare, too, has become fertile ground for phishing campaigns, malware, ransomware, breached patient records, and other cyberattacks on healthcare systems – all with far-reaching consequences.

According to Interpol, COVID-19 has led to shifts in targets from individuals and small businesses to government and critical health infrastructure. Security agencies in the U.K. and U.S. have unsurfaced targeted efforts against the healthcare, pharmaceutical, academic, and research industries tasked with providing uninterrupted patient care to infected people and in coronavirus vaccine research.

The healthcare sector is highly vulnerable today. Amidst one of the worst healthcare crises to have hit mankind, attackers are unflinchingly exploiting conditions like increases in teleworking – many with little or no prior experience and planning – fear and anxiety among the general masses, and an overworked and distracted medical workforce. Failure of healthcare systems can have dire consequences: failures to order drugs, schedule operations, or make ambulances available on time during emergencies.

In the fight against the pandemic, most countries rapidly rolled out virtual patient consultations using telehealth services in an effort to reduce physical contact to help prevent the spread of the disease. These services make use of remote access systems – which also means that every device and connection acts as a way into the healthcare system.

Given these unprecedented circumstances, the Office of Civil Rights (OCR) exercised enforcement discretion and announced that, during the pandemic, it will not impose penalties for noncompliance with HIPAA regulations against providers leveraging telehealth platforms that may not comply with privacy rules. This is giving hackers more leverage to deploy data breaches, ransomware attacks, EHR snooping, phishing attacks, and more.

Furthermore, to accommodate the rapidly rising numbers of infections and to support existing healthcare infrastructure, many countries around the world have had to create temporary COVID-19 facilities to house infected patients. Since these facilities are created in a hurry and the priority is to deliver patient care, security becomes a lower priority, with many crucial steps to protect networks and devices overlooked.

This, in turn, leads to weak spots in networks that are easily exploited by malicious actors. The Department of Health and Human Services has reported that between the months of February and May of this year, there have been 132 reported breaches. This is an almost 50% increase in reported breaches during the same time last year.

A result of the pandemic has also been a significant increase in the amount of patient health data stored by the government and healthcare organizations. Personal data like daily health parameters, co-morbid health status, insurance providers, as well as tracing all contacts who come in contact with an infected person can be exploited for identity theft and sold for a high value on the dark web.

Contact tracing and tracking apps are another source of privacy concerns. Sometimes patients’ medical history data needs to be sourced and transferred from regular hospitals to temporarily-created facilities, which happens over less secure technology. This puts hospitals and healthcare organizations at risk of “spray and pray” attacks by cybercriminals.

Fortified’s mid-year report found that 60% of healthcare breaches from the first half of 2020 were caused by a malicious attack or IT incident, rather than insiders. Email compromises have been the most common attack vector to gain access to healthcare networks and steal patient data during the pandemic. Fortified explained that these attacks are often executed by phishing campaigns used to drop malware or ransomware, which have remained prevalent throughout the crisis.

Given the scenario today, a focus on cybersecurity basics continues to be more important than ever. Organizations, especially in healthcare, must focus on email security and training. Users must be educated and tested with simulated phishing attacks and security awareness training. This creates both a positive security awareness culture and decreases the probability of users falling for attacks.

Network segmentation is another way organizations can limit or restrict communication between devices and systems that are critical to maintaining medical services. Today, when IT is already overwhelmed or understaffed, managed threat response services can help back up security operations by ensuring 24×7 threat hunting, detection, and response as well.

Learn more about Sophos products HERE

Original article can be found HERE

What you can read next

Watchguard dark web blog
Credential leaks are growing on the dark web
Microsoft Price Increase
Microsoft Price Increases
Private Internet Access Interview
Private Internet Access Interview With Nathan Collins

Recent Posts

  • Sophos Event Blog Header

    Better cyber protection doesn’t have to cost you more

    Most campaigns that vendors / resellers run is ...
  • Cyber Insurance Blog

    Cyber insurance: there’s bad news and there’s good news

    The threat environment is more challenging than...
  • Evolving Cyberattacks header

    How Common Types of Cyberattacks are Evolving

    Cyberattacks are ever changing. Read about cybe...
  • Watchguard MFA Header

    Protecting User Identity and Securing Business Trust with Multi-Factor Authentication

    THE EVOLUTION OF AUTHENTICATION – HOW WE GOT HE...
  • CRN Nomination 2022 Header

    CRN Best Company to Work For Nomination 2022

    Why is your company such a great place to work?...

Categories

  • Applications
  • Blog
  • Cisco
  • Commvault
  • Events
  • Legal
  • Manufacturing
  • Microsoft
  • Mimecast
  • Networking
  • News
  • Newsletters
  • Other News
  • Retail
  • Sophos
  • Watchguard

pavilion logo small

A leading IT infrastructure solution and support provider that has been delivering flexible and modular solutions and consultancy to businesses across the UK since 1988.

GET IN TOUCH

  • General Enquiries: +44 (0)1273 834 000
  • Support Desk: +44 (0)1273 834 433
  • Email: info@pav.co.uk
  • PAV I.T. Services
  • The Old Corn Mill, Bullhouse Mill
  • Lee Lane, Millhouse Green
  • Sheffield S36 9NN
  • View on Google Maps
  • About Us
    • Careers
    • Our Green Credentials
    • Privacy Policy
  • IT Certainty
    • Legal and Accountancy
    • Manufacturing Sector
    • Retail Sector
    • Case Studies
    • Customer Testimonials
  • Services
    • Backup and Disaster Recovery
    • IT Support Monitoring
    • Project Delivery
    • Cloud Services
    • Application Packaging
    • Pavilion Service Credits
  • News & Events
    • BLOG
    • Events
    • Newsletters
    • News
  • Technology Solutions
    • Communication and Collaboration
    • Modern Workspaces
    • Data and Governance

Pav IT © 2022 All rights reserved.

  • GET SOCIAL
TOP