Multiple factors have led to the surge in hacking attempts and cybersecurity threats to healthcare data in the past year. Medical, scientific, and pharma organizations were targeted by ransomware and fraud schemes for their valuable data and PHI. They were considered more vulnerable to malicious attacks while they rushed to address the health emergency during the pandemic and as more employees worked remotely.
The FBI and other agencies raised the red flag about the increase of cybercrime during the COVID-19 pandemic. And now cybersecurity experts are anticipating a resurgence of attacks targeting healthcare in the coming months.
Vigilance was recommended during the crisis, but we also expect security to be a big concern post-COVID. The pandemic has changed the threat landscape, so how should our security landscape change in response?
Top 4 Cybersecurity Threats Post-Pandemic
Consider the following trends expected to impact the security environment for healthcare organizations when developing your risk management strategy for 2021.
1. Attacks Targeting Vulnerabilities Introduced by Telehealth
When the coronavirus caused a national emergency, the OCR relaxed the enforcement of penalties for HIPAA violations. This allowed doctors and healthcare professionals to use telehealth technology more broadly to communicate remotely with patients and others in the medical field, including on telehealth platforms not previously allowed by the HIPAA Security Rule. The unprecedented use of remote devices in the field was further driven by:
- More healthcare professionals working from home,
- Patients trying to avoid in-person medical visits and undue exposure to the virus, and
- The need for mobile clinics and testing facilities to be set up quickly.
This introduced a great risk of cybersecurity vulnerabilities. For example, platforms without encryption may have been used to transmit PHI. Staff working remotely may not have used a VPN when accessing sensitive data. As healthcare organizations moved quickly to mitigate the spread of the virus, devices may have been added to the network in ways that bypassed some of the regular security protocols.
What can we expect to happen after the pandemic? The boom in telemedicine will likely lead to long-term adoption of this technology. And this larger digital footprint also means there is a larger attack surface. Cyberattacks will continue to target patient data through vulnerabilities created by the use of remote connections, unsecure devices, and videoconferencing platforms. Organizations can no longer be slow in responding to threats; they must assess security at every level of the telehealth environment.
2. Phishing, Ransomware, & Social Engineering Attacks
Healthcare experienced a big wave of phishing and ransomware attacks at the outset of the pandemic. When cases surge or there are developments in treatments, further waves of attempted data breaches are to be expected, such as attempts to get healthcare employees to click on malicious links or attachments.
“Cybersecurity Ventures has crunched historical cybercrime numbers and predicts that a business will fall victim to a ransomware attack every 11 seconds in 2021. That’s down from every 14 seconds in 2019. The total cost of ransomware will exceed $20 billion globally.”
Social engineering schemes will be another likely method used to trick patients or healthcare staff into divulging sensitive information that can be used to commit billing fraud.
3. Expanding Threat of Cloud Breaches
During the pandemic, companies were quickly moving to the cloud or rushing to expand cloud-based systems. High security is one of the advantages of cloud computing, and that is only expected to improve in the future. Yet, as clients of CSPs, organizations are still responsible for configuring and monitoring security controls. In the post-pandemic phase, we believe that there will be more hackers trying to penetrate cloud infrastructures and take advantage of misconfigurations.
4. Breaches Via IoT Devices
As the use of IoT devices expands in the healthcare field, we imagine that they will also become targets of cybersecurity attacks. Remotely controlled devices and home-deployed medical devices aren’t always engineered with the same robust security features as other hardware. Because hackers are opportunists, it’s easy to see why they would set their sights on IoT weaknesses to penetrate networks.
Protecting Health Information in 2021
As we look forward to a post-pandemic cybersecurity environment, teamwork will be necessary for success. Security professionals throughout the health care industry will need to communicate about threats and create a unified push for greater vigilance.
The medical system continues to be stressed by demand and limited by resources while it facilitates remote work and telehealth and introduces connected devices to the network, so vulnerabilities will arise. We know from experience that malicious attacks strike more often and damage their target with greater success in moments of disorganization. Working together will be crucial to protecting sensitive data.
Cybersecurity Assurance for Today and Tomorrow
At I.S. Partners, we work hard to stay up to date on the latest security threats and risk management strategies. We can help your healthcare organization to improve its security posture for today, and for the future. Contact our office to find out how to get started.