Hospitals and healthcare systems are prime targets for cybercriminals, primarily due to the massive archives of personally identifiable information that bring high prices on the black market. While healthcare networks have deployed some level of protection, new cyberthreats driven by the COVID-19 pandemic have begun to emerge.
Cybersecurity and COVID-19
According to a recent survey by LexisNexis, the healthcare industry has taken on more accountability (compared with previous years) to provide the technology tools needed to deliver high-quality, connected and cost-effective care. But along with these digital capabilities comes an increase in cybersecurity risks. As a result, healthcare executives are having to strategically shift their technology priorities to include solutions that overcome new cybersecurity challenges, data governance and interoperability — all of which have become more urgent due to COVID-19.
Changes brought on by the pandemic are likely to have a long-term impact on how the healthcare industry conducts business and how patients gain access to health care. This has organizations grappling with what processes will look like in a post-pandemic world and considering what short- and long-term adjustments will need to be made to operations. But to make proactive changes, organizations need to understand the risks they are up against.
The following are the top three emerging cybersecurity risks facing the healthcare industry and driven by the pandemic.
The simple fact that telemedicine services operate outside of a medical facility’s physical network makes organizations that aren’t protected more vulnerable to a cyberattack. This, and the increased volume in telehealth activity due to COVID-19, places additional stress on information technology infrastructures that can cause digital and physical patient information safeguards to relax, exposing organizations to threats and a potential Health Insurance Portability and Accountability Act breach.
For brokers serving the healthcare industry, it is important for your clients to stay informed when it comes to telemedicine compliance. To learn more, read our special report, Will COVID-19 Be the Moment of Truth for Telemedicine?
2. Healthcare Devices
Eighty-three percent of healthcare systems are running on outdated software. In fact, a recent survey showed that of the 1.2 million internet of things devices used in thousands of healthcare organizations across the U.S., 56% of devices were still running on the Windows 7 operating system, which Microsoft stopped supporting in January 2020. According to research conducted by Atlas VPN, COVID-19 has resulted in more hospitals using patient monitoring devices, with one in four such devices having security issues. In fact, the research showed that 16% of imaging systems have a 51% risk of getting hacked and 14% of patient monitoring tools have a 26% chance of being attacked. This year, more than 40% of health care executives say they plan to improve cybersecurity measures as a result of the pandemic.
3. Ransomware Attacks
COVID-19 has rapidly increased the number of ransomware attacks on the healthcare industry. In fact, Microsoft is warning hospitals to look out for sophisticated ransomware attacks that could target them through virtual private networks and other network devices. Critical infrastructure systems in hospitals are particularly threatened by ransomware, which can be locked up by malicious actors and unlocked only following hefty payments. According to Microsoft, a successful ransomware attack allows hackers to steal user credentials, elevate their privileges and move across compromised networks installing ransomware or other malware. Moving forward, healthcare organizations must be aggressive and proactive in the prevention and mitigation of ransomware threats.
As healthcare organizations battle COVID-19, they are also going head-to-head with cybersecurity threats from malicious actors looking to take advantage of the crisis. By staying informed of rising cybersecurity risks, implementing cyber-hygiene best practices and having a comprehensive cyber insurance policy to help mitigate risks, healthcare organizations can continue to operate safely as the industry navigates this new normal.
At Worldwide Facilities LLC, we are committed to providing our retail brokers who work with clients in the healthcare industry with the insurance products and resources needed to better manage cybersecurity risks.
To learn more, please contact a Healthcare specialist: