Healthcare IT experts recommend making these changes to your cybersecurity plan in order to stay ahead of the changes in policy and worsening cybercrime.
The pandemic has been the ultimate teacher in crisis management and has forced the industry to adjust to rapid change. Healthcare has been under pressure like never before to perform while also prioritizing cybersecurity in a time of constant flux. While the dust has settled slightly, more uncertainty and change are coming around the corner, from potential spikes in cases to HIPAA policy changes. Experts recommend getting ahead of the curve and taking another look at security procedures and implementation.
Re-evaluate Telehealth Security Risks as the Dust Settles
Covid-19 left healthcare organizations with no other options, forcing them to think differently about how they operate and to chart unknown territory quickly. This quick response meant that organizations weren’t left with much time to vet new software vendors thoroughly. Additionally, a new, relaxed policy allowed for more discretion to keep the industry moving.
In particular, telehealth saw a massive increase in adoption, and organizations quickly implemented services to slow the spread of the virus. Lee Kim, Director of Privacy and Security at the Healthcare Information and Management Systems Society (HIMSS) North America, warns that while a lot of telehealth software is secure and robust in nature, organizations should make sure that their systems can withstand significant traffic and that their servers can keep up. No one knows what the fall will bring, so spend the time now to vet your software suppliers.
Smart organizations will spend the next few weeks preparing their applications and online networks to scale, possibly by using MDR security services. That also means re-vetting your software vendors to make sure they meet stringent security standards.
The Focus on Remote Networks and Endpoints
Hospitals and the healthcare industry implemented work from home (WFH) for the first time, and securing remote networks and endpoints became IT’s primary focus. Hospital workers were stressed, anxious, and new to working from home. Coupled with the near-constant change in policy and outside consultation from government agencies, this made hospital workers working from home an easy target to exploit, and new phishing campaigns were deployed against them. Lee Kim says, “IT security teams are dealing with the challenge of employees not used to working remotely, and some who are not too technically savvy…they might not necessarily pick up on something that looks suspicious…” She adds that “they [hospital workers] might also have so much more to do…normal procedures have to be revamped… it’s a different working reality.”
This new working reality means that IT teams have to think differently about keeping their endpoints secure. Scott Augenbaum, Former Director of the FBI Memphis Division Computer Intrusion/Counterintelligence Squad, recommends that organizations “think holistically about how to engender a culture of security first that can be constantly reinforced. Education is your first line of defense.”
Thankfully, cybersecurity software has improved its phishing detection capabilities and can cross-reference across other accounts, making your organization less susceptible.
Be on the Lookout for More Aggressive Ransomware
Just last year, UCSF Medical School had to pay $1.14M in ransom to hackers who stole its data and left servers inaccessible. It wasn’t the only high-profile organization to be affected. The Department of Health and Human Services in the US also suffered an attack, as did the London research lab Hammersmith Medicines Research.
HIMSS is warning that healthcare organizations should prepare their systems for more aggressive ransomware attacks this fall. These more aggressive attacks will be more covert. They can stay low for some time, weaving into hospital systems and critical software applications. They can then quietly gather data and take advantage of weaknesses until the most opportune time to strike and cause chaos.