The Covid-19 pandemic hit and causes disruptions in the way businesses function. Their internal process and customer interactions changed. Consequently, organizations had to make significant changes by accelerating their digital initiatives. Most of them were forced to move their infrastructure, applications, and networks from on-premises to the cloud. In doing this, their data became more accessible to attackers. In 2021, cybersecurity threats are on the increase, and some threats stand out more than others.
One of the industries under the most significant threat of attack is the healthcare sector. As Covid-19 vaccines try to find their way into the market, attackers will take advantage of this situation. They will try to steal and exploit resources dedicated to the research process. As hospitals administer the vaccines, they will be target grounds for attackers. The criminals will also lure people into giving access to their data, resources, and organizations’ resources. How will the attackers carry out their attack plans?
Ransomware attacks will be rampant in the healthcare sector in 2021. This is according to the President and Founder of In the Cloud Technologies, Demetrius Cassidy. The attacks have become more complex in the last two years, and it’s only getting worse. Unfortunately, the healthcare sector is not well-prepared to combat ransomware. Attackers use embedded ransomware in emails, text messages, or file attachments. They strike when their recipients are least suspecting.
Given the increasing demand for resources due to Covid-19, email recipients are less likely to make critical decisions when they receive a malicious email. Worse still, detection and prevention strategies are still not practical, and the only solution is recovery.
There is also a fine line between patient care and confidentiality. If they have to choose, healthcare providers will choose the health of the patient first. This is a decision that can compromise data security.
If the healthcare system can utilize machine learning, deep learning, and Ai, they can protect their data. These systems are capable of identifying and retaining a potential attack. Unfortunately, the systems are costly and may not be realistic in terms of resources. “The healthcare system to be more conscientious in strengthening the weakest link: the user,” says Cassidy.
Carl Fransen, Founder and CEO of CTECH Consulting Group (https://www.ctechgroup.ca/top-calgary-it-services/), believes that the healthcare sector needs to educate people using the systems. Doctors, admin staff, nurses, and anyone else with access to the data systems need to understand the security processes. As they move their data from paper to digital systems, staff members need to know how the systems are connected to the internet. They should be made to understand how this leads to data breaches. As such, they should learn how to adhere to HIPAA, PIPA, GDPR, PCI, and other requirements.
Technology today allows organizations to enforce particular medical governance. They should move from reviewing their procedures annually to continually ensuring the proper handling of patient data within the correct parameters. Fransen continues to say.
Online Platforms at Risk
Another cybersecurity expert, Steadfast Solutions‘ project manager, Ian Brady, gives his thoughts. He says that during the Covid-19 pandemic, online platforms have been ramping up. However, this comes with the risk of confidential patient data loss. The healthcare sector needs to remember that there are hefty penalties from FDA when data breaches happen. Globally, several laws govern compliance.
Organizations need to continually carry out penetration testing and do audits of their systems. These must be done by approved thirds parties. Encryption is data is also crucial as it minimizes the chances of data attack and loss.
Healthcare providers do all their mandatory reporting of all adverse effects through online platforms. This also exposes them to security threats, and they must work towards strengthening their systems to ensure processes run smoothly.
When asked what the biggest healthcare security threat is for 2021, Alexander Freund said that “the biggest healthcare cybersecurity threat is and will continue to be breaches that allow for access to the corporate email.” This happens when credentials are compromised or employees lose an unencrypted portable device. An organization is also at risk when the corporate network is breached. Alexander is the President and Co-founder of 4IT in South Florida.
He continues to say that email breaches put healthcare companies at risk in 3 ways:
The first one happens when companies become too lenient and relax their policies about emails. Regardless of the data loss prevention strategies they put in place, personal health information still ends up in employees’ mailboxes. This contributes to email account breaches and puts the sensitive Protected Health Information in jeopardy. Hackers are always too willing to send PHI to unsuspecting victims to extort money from them. They threaten their victims to expose their data and information if they don’t comply with their demands.
Secondly, hackers can use emails to draw a list of all internal employees in a healthcare organization. They will use this information to send out emails to the employees’ contacts to leverage trust between them and the mailbox owner.
This can create significant reputational risk. If the contacts are not aware of the scheme, they can provide sensitive information that will help the attackers attempt a breach of a vendor or customer.
The third risk is the way people notoriously reuse their password combinations. Most companies have policies against this, but employees fail to adhere. Once hackers compromise a set of credentials, they will try them on hundreds of other websites to gain access to additional data. For example, they can test the credentials on different platforms like Paychex, ADP, or other payroll sites to try if they’ll work. The attempt on the passwords can extend to Facebook, Twitter, Google, and banking institutions. Since the process is automated, the risk is enormous.
The healthcare system is facing a significant security threat in 2021. While organizations are busy trying to protect patients’ welfare, they also need to invest in data protection systems. The hacking systems are automated, and companies stand to lose a lot more than they will use investing in security.