• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Life Sciences
  • Investments
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage

COVID-19 Exposed The True Vulnerability of Healthcare Infrastructure

by Martyn Crew, Director of Solutions Marketing at Gigamon 12/21/2020 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
How COVID-19 Exposed The True Vulnerability of Healthcare Infrastructure
Martyn Crew, Director of Solutions Marketing at Gigamon

In 2019, 41 million patient records breached in 572 reported incidents at an average cost of $1.8 million per breach. These statistics are far from surprising with healthcare records selling for a reported average of $45 on the dark web. Unfortunately, the year 2020 aggravated these issues as COVID-19 exposed the true vulnerability of the healthcare infrastructure. Organizations not only had to manage the medical and financial impacts of the pandemic but also the security risks inherent in the work-from-home (WFH) model and the increasingly sophisticated attacks of cybercriminals intent on exploiting these vulnerabilities. In this article, we’ll dive into some of these growing threats.

The Bare Minimum of EDR

Although most organizations have now provided WFH employees with secure computers using endpoint detection and response (EDR) solutions or mandated the use of virtual private networks (VPNs), this does not fully solve the security problem.

These solutions may protect the user and network from future attacks, but if network infiltration has already occurred, threats in the form of advanced persistent threats (APTs) may be lying dormant for weeks, months, or maybe even years, on an apparently secure network. To respond to these threats, a network detection and response (NDR) capability is required. This capability looks for activity or patterns of behavior from users or network servers that indicate attacks may be in progress may have taken place or may be developing.

Ideally, EDR and NDR need to be integrated and used together to provide end-to-end network visibility and security.

Exploited Fears

Cybercriminals and other bad actors were quick to exploit the COVID-19 pandemic with, for example, phishing attacks. These exploited the fears of healthcare consumers and healthcare workers who, in the early days of WFH, were often accessing corporate networks on secured mobile phones and personal computers from their home networks.

This led to a variety of security issues; for example, Mirai botnet–type attacks that exploited WFH practices to infect healthcare organizations’ networks or dropper-based attacks that loaded malware to steal users’ credentials and ultimately lead to ransomware attacks. While these attacks still continue, most healthcare organizations have taken the measures necessary to secure their networks and their patient and organizations’ data.

A Spike in State-Sponsored Attacks

Beyond threats from financially motivated cybercriminals looms the threat from highly sophisticated and well-resourced state-sponsored attackers. As widely reported in the media, there has been a spike in state-sponsored security attacks on lab and research facilities working on COVID-19 treatments. For example, the Wall Street Journal cited U.S. officials as suggesting that Chinese and Iranian hackers are targeting universities and pharmaceutical and other healthcare firms that are working to find a vaccine for COVID-19, in an attempt to disrupt this research and slow its development.

In addition to direct attacks on research institutions, software vendors that develop the tools used by these institutions are also at risk. Security is becoming a “supply chain” issue that touches not only all of the network users and assets but also all the precursors to these assets, including the network carriers and software vendors on which network users rely.

Lack of Trust

Who can you trust in this expanded threat environment? To take proper precautions, nobody. As healthcare consumers and the workforce want or need to operate on an “access anywhere, anytime” model, adopting what’s called a Zero Trust security architecture not only makes sense, it is close to an imperative for healthcare organizations.

Zero Trust means that, because the network is under constant attack from a huge array of external and internal threats, all users, devices, applications, and resources on the network must be treated as being hostile. These users and devices need to be rigorously and continuously authenticated, while patient, research, and other data and network assets need to be protected at a much granular level than traditional perimeter-based security models allow.

The Rise of IoMT Devices

Healthcare organizations must also find new, more cost-effective ways to deliver high-quality healthcare to their increasingly tech-savvy consumers – and the use of Internet of Medical Things (IoMT) devices is critical to this process. IoMT devices, ranging from simple telehealth and remote patient monitoring to surgical robots and augmented reality technologies, can reduce operating costs and increase the quality of patient care.

COVID-19 has accelerated the adoption of IoMT technology, a process that will further accelerate with the availability of 5G networks over the coming one to three years. Many of the simpler IoMT devices don’t support traditional security models, so their adoption poses significant new threats unless healthcare institutions act to enhance security by, for example, ensuring that their network detection and response tools are ready for this challenge.

Looking ahead, it’s clear that the world is evolving towards a new normal, which will pose more threats and concerns for the healthcare industry. Recognizing this and preparing for the threats discussed, will create a better game plan for what’s to come and allow for necessary growth within healthcare infrastructure. 


About Matyn Crew
Martyn Crew is Director of Solutions Marketing at Gigamon. He brings a 30-year background in all aspects of enterprise IT to his role where he focuses on a number of initiatives and products including Gigamon’s Application Visibility and Intelligence solutions.


  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Augmented Reality, behavior, Coronavirus (COVID-19), Cybercriminals, Malware, model, Patient Care, Patient Monitoring, Phishing, Ransomware Attacks, remote patient monitoring, risk

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Interview

Reach7 Diabetes Studios Founder Chun Yong on Reimagining Chronic Care with a Concierge Medical Model

Most-Read

KLAS Report: Oracle Health Faces Customer Losses and Declining Satisfaction

KLAS Report: Oracle Health Faces Customer Losses and Declining Satisfaction

Tempus AI Acquires Digital Pathology Leader Paige for $81.25M

M&A:Tempus AI Acquires Digital Pathology Leader Paige for $81.25M

Mira Launches Ultra4™, the First At-Home Hormone Monitor with Lab-Quality Insights

Femtech: Mira Launches Ultra4™, the First At-Home Hormone Monitor with Lab-Quality Insights

Preparing for the ‘Big Beautiful Bill’: How Digitization Can Streamline Medicaid Eligibility & Social Care Delivery

Preparing for the ‘Big Beautiful Bill’: How Digitization Can Streamline Medicaid Eligibility & Social Care Delivery

How Healthcare CIOs Can Solve the Unstructured Data Crisis and Reduce Storage Costs

How Healthcare CIOs Can Solve the Unstructured Data Crisis and Reduce Storage Costs

Healthcare C-Suite Acknowledges AI Potential but Lacks Trust

Sage Growth Partners Report: Healthcare C-Suite Acknowledges AI Potential but Lacks Trust

EVERSANA and Waltz Health Merge to Redefine Pharmaceutical Commercialization

EVERSANA and Waltz Health Merge to Redefine Pharmaceutical Commercialization

Advancing Diabetes Care: Combating Burnout and Harnessing Technology

Advancing Diabetes Care: Combating Burnout and Harnessing Technology

White House Event Unveils CMS Health Tech Ecosystem Initiative

White House Event Unveils CMS Health Tech Ecosystem Initiative

Meaningful Use Penalties_Meaningful Use_Partial Code Free_Senators Urge CMS to Establish Clear Metrics for ICD-10 Testing

CMS Finalizes TEAM Model: A New Era of Value-Based Surgical Care

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |