• COVID-19
  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • Artificial Intelligence
    • Blockchain
    • Mobile Health
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

COVID-19: Best Practices to Safeguard Organizations from Cybercriminals

by Claire Umeda, VP of Marketing at 4iQ 04/08/2020 Leave a Comment

With Coronavirus, Practice Good Cyber Hygiene
Claire Umeda, VP of Marketing at 4iQ

While we may consider health largely a private concern in the United States, our nation depends on the continuity and availability of its healthcare system in a very public way, as evidenced by the current coronavirus outbreak. Our critical healthcare infrastructure is vulnerable at this time, no doubt, but it truly has been inspiring to see doctors, scientists, and other industry professionals from around the world come together to stop the spread of COVID-19. To fend off exploitative cybercriminals, we must employ the same sort of collaboration.

It’s no surprise that the healthcare industry wears a large target on its back for cybercriminals, given the treasure trove of data it holds. Credit card fraud is certainly a problem, but healthcare identity fraud can become an absolute nightmare. A successfully stolen identity can provide just enough information to enable criminals to fraudulently bill for fictitious and expensive treatment regimens, in order to collect thousands of dollars from health insurers or even government programs. Imagine finding out at a regular check-up that your health record indicates you’ve had a kidney transplant!

As with any crisis, cybercriminals are seeking to exploit the fear and uncertainty surrounding the coronavirus by, for instance, exfiltrating sensitive medical data or stealing intellectual property for financial gain. Already, bad actors are engaging in targeted phishing campaigns by spoofing credible health organizations and experts alike. In addition, the sudden shift to work-from-home environments has opened up a range of new cybersecurity vulnerabilities arising from consumer home networks. In most homes, uninstalled router patches, old hardware, and bad password practices are commonplace, and criminals know it.

However, the good news is that these issues are not tough to resolve. For the most part, it’s a matter of awareness and understanding – and following – cybersecurity best practices. Organizations should implement mandatory cybersecurity training if they haven’t already, to educate employees. Many security breaches are avoidable by taking steps that prevent your company from becoming the weakest link in the chain.

The healthcare industry is the second largest sector of the U.S. economy, accounting for 17.8% of the national GDP in 2019. Medical record data is a lucrative source of cybercrime, selling at a higher price on the dark web than your typical financial data because it contains so much valuable information, from dates of birth to social security numbers. As mentioned in the fictitious kidney transplant example, medical records used to instigate insurance and tax fraud can go unnoticed for a long time, generating a steady stream of revenue for cybercriminals.

Unfortunately, the healthcare sector poses a relatively easy target for cybercriminals, as evidenced by a 2019 national report on healthcare preparedness which found an average of only 47% of organizations conforms with the NIST Cybersecurity Framework. This number is startlingly low and shows that organizations can do more to help their cause. This lack of preparedness has led to an 150% increase in healthcare attacks in the last 60 days. The exfiltration of sensitive information represents not only a net loss for the U.S. economy overall but also presents an opportunity for hacker groups and nation-states to illicitly procure funds.

With the digitalization of more medical equipment, it is increasingly feasible for cybercriminals to remotely damage or manipulate these devices. Historically, most ransomware involved locking computers behind a password while extorting money from victims. Now, with computers in medical devices, nefarious actors have the ability to surreptitiously manipulate medical equipment.

Cybercriminals could also capitalize upon information stolen from medical data breaches and blackmail individuals based on their exposed health conditions – especially people of notable political/social status. An attack like this recently targeted Singapore Health Services, seeking access to Prime Minister Lee Hsien Loong’s medication data. The hack also exposed roughly 14,200 HIV positive medical records, including names, addresses, and HIV statuses. Attribution methods seem to suggest that a nation-state actor was behind the strike.

To combat threats such as these, in October 2018, the Department of Health and Human Services opened a new cybersecurity unit – the Health Sector Cybersecurity Coordination Center (HC3). It’s encouraging to see this first step that recognizes the significance of protecting America’s health sector against cyber-attacks.

In closing, there’s no doubt you’ve seen many other startling statistics regarding the coronavirus, cybersecurity, or both, but know that these are not intended to scare, but instead inform and provide insight into why we should take these issues seriously. In the words of author David Kessler, “the precautions we’re taking are the right ones. History tells us that. This is survivable. We will survive. This is a time to overprotect but not overreact.”

Stopping the spread of this virus requires a concerted, group effort, so whether that means doing your part through social distancing, or by heading out into the frontlines of the global cyberwar, we all have a role to play. Doing our part now to implement and practice cyber best practices will help to safeguard organizations against future attacks.

RELATED:   Vaccine Safety Expert Shares 5 COVID-19 Vaccine Facts to Protect 2021

About Claire Umeda

Claire Umeda is Vice President of Marketing at 4iQ, where she leads go-to-market strategies, product marketing, sales enablement and brand management. Prior to joining 4iQ, Claire has held senior and executive marketing and product positions for startups in the security, communications, data management and social gaming spaces.


Tagged With: Coronavirus (COVID-19), Cyber hygiene, Cybercriminals, Cybersecurity, data management, Department of Health and Human Services, Health and Human Services, Intellectual Property, Medical Devices, medical records, medication, Notable, Phishing, Security Breaches

[ultimatesocial networks="facebook,twitter,google,linkedin,mail" url="" custom_class="us-posts-bottom" align="left" count="false"]

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

« Tyto Care Lands $50M for Telehealth Platform for On-Demand, Remote Medical Examinations
COVID-19 Forecast Dashboard Predicts Peak Hospital Admissions by County Level »

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Recent Articles

  • Cerner Leadership Changes, Other Key Executives Hires

    ... more
  • QGenda acquires Shift Admin – M&A

    QGenda Acquires Automated Provider Scheduling Platform Shift Admin – M&A

    ... more
  • Telehealth After COVID-19: What's Next for the Healthcare Industry?

    Transitioning from Traditional to E-Fax: How Healthcare Communications are Transforming Post-COVID

    ... more
  • FCC COVID-19 Telehealth Program Providers

    FCC Unveils 14 Initial Projects Selected for $100M Connected Care Pilot Program

    ... more

Most Read

  • Cerner Leadership Changes, Other Key Executives Hires
  • 20 COVID-19 Predictions and Trends for 2021 - Executive Roundup 20 COVID-19 Predictions and Trends for 2021 – Executive Roundup
  • FCC COVID-19 Telehealth Program Providers FCC Unveils 14 Initial Projects Selected for $100M Connected Care Pilot Program
  • 30 Executives Share Top Healthcare Predictions & Trends to Watch in 2021 30 Executives Share Top Healthcare Predictions & Trends to Watch in 2021
  • 5G in Healthcare: 7 Advantages & Disadvantages for Providers to Know 5G in Healthcare: 7 Advantages & Disadvantages for Providers to Know
  • Job Titles for Healthcare Executives The Top 9 Most In-Demand Medical Jobs
  • FDA Approves COVID-19 Oral Fluid Test for Use Nationwide In-Depth: 32 FDA-Approved COVID-19 Testing Kits
  • Healthcare Breach Report 2016 6 Ways Health Informatics Is Transforming Health Care
  • CVS Health Launches Senior Medical Alert System, Symphony CVS Health Launches Senior Medical Alert System, Symphony
  • Fundamental Surgery Becomes First VR Surgical Training Simulation to Gain CPD Accreditation 18 Healthcare Augmented Reality and Virtual Reality Companies to Watch

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • 2020 Editorial Calendar
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2021. HIT Consultant Media. All Rights Reserved. Privacy Policy |