The healthcare industry has always been a prime target for cybercriminals, but it’s particularly vulnerable now thanks to the chaos and stress of the COVID-19 pandemic. With healthcare systems under strain and medical professionals getting used to new ways of working, hackers are taking advantage of all the moving parts.
We asked the experts at ESET to explain the key cybersecurity threats facing the healthcare industry in 2020, and how you can prevent them.
3 of the main healthcare cyber attacks in 2020
These are the major security threats in healthcare right now.
Phishing emails
The pandemic has caused a lot of confusion and uncertainty, and cybercriminals are preying on that by sending phishing emails to healthcare workers. Since there’s so much we don’t know about the coronavirus, most of these scams target healthcare professionals’ desire for a) more information and b) equipment.
There are a few different types of emails circulating. A common one is hackers posing as medical experts and government officials with the latest data about COVID-19, which is appealing to healthcare workers who are eager to learn more about treating or diagnosing the virus.
Other emails lure workers into downloading “coronavirus trackers” to stay on top of case numbers — and trick them into installing malware on their computer. Finally, there are malicious emails trying to get workers to send sensitive data, like passwords and patient records, by asking them to confirm a delivery for Personal Protective Equipment (PPE) or ventilators.
Identify theft
Hackers value medical data because they can sell it on the Dark Web. Plus, their job is made easier by the fact that many hospitals and doctor’s clinics use outdated data storage systems.
The shift to remote work has increased the threat of identity theft. With non-essential employees working from home and some healthcare professionals shifting to telemedicine platforms, a lot of communication has moved online to emails and live chats. This gives hackers more opportunity, and makes their attempts to steal data a little more believable. It’s the perfect storm, because employees often end up sharing sensitive data with hackers and compromising the security of their patients.
Lack of cybersecurity training
Along with using outdated systems, some healthcare workers aren’t trained on cybersecurity measures. These include creating strong passwords, activating multi-factor authentication (MFA) and securing their WiFi connection against unwanted intruders. They may not have the latest and greatest software installed on their home computers, either.
Without this training, healthcare workers don’t know which red flags and warning signs to look out for. So, they’re more likely to click on a link that asks them to “restore access” to their email or appointment booking platform.
How to protect patient data
Let’s talk about healthcare cybersecurity best practices. There are a few ways to boost your cybersecurity and protect your organisation and your patients.
Don’t skip any software updates
As technology improves, so does cybersecurity — which is why manufacturers release multiple software updates every year.
While it’s tempting to ignore software updates, it’s more important than ever to stop what you’re doing and install them. They contain “patches” that address security flaws and fix bugs so it’s harder for hackers to access your devices and data. They typically take a few minutes to install, and we suggest turning on automatic updates so you don’t have to think about it.
Use a sophisticated antivirus software
You know better than anyone that prevention is better than cure. That’s where antivirus software comes in.
Think of it as a way to prevent infection. It protects your computer from healthcare ransomware attacks and malware that might damage your systems, and assesses any outside devices that are trying to tap into your WiFi network and webcam.
Though you can download free antivirus software online, a subscription software like ESET Secure Business is a safer bet. An all-round security solution for businesses, it offers a multi-layered defence against any number of healthcare cyber attacks, including identity theft and phishing emails. It also has a remote security management feature, which makes it easier to protect any devices employees are using while they’re working from home.
Back up your data regularly
It doesn’t matter what industry you work in, backing up data should be a habit. You want to save any sensitive data and documents in at least one other location. It can be physical or virtual — like a hard drive or cloud system — but the key is to store information in separate, secure places.
Being the victim of a healthcare cyber attack is devastating, but if you have a backup, you’ll be able to recover lost data and patient records much quicker. Otherwise, the hacking attempt might have a crippling effect on your healthcare organisation.
Assess cybersecurity risks often
Work with IT data security specialists to mitigate risks, or enlist a software to help you do just that.
ESET Threat Intelligence Service monitors cyber risks and attacks and offers in-depth, up-to-date global knowledge about specific threats. It helps businesses to identify their vulnerabilities and detect advanced and persistent threats. Then, it adjusts your security solutions to prevent malware attacks.
Invest in security awareness training
In most cases, healthcare data breaches can be traced back to human error. If you don’t have cybersecurity training, it’s easy to make simple mistakes, like opening a phishing email or clicking on a link that downloads malware.
There are plenty of cybersecurity programs available to help employees identify threats and what to do next.
Create a good response plan
The last step is having a set of instructions to help employees detect, respond to and recover from cybersecurity incidents. That way, you’ll be able to snap into action as soon your organisation has a security breach and contain the damage. It also means a quicker return to normal operations.
Your response plan aside, create “post-attack” procedures that lay out the lessons learned and how you can do better when responding to future incidents.
Protect yourself and your patients with proper security
Browse ESET’s range of security software, and get in touch with their team of experts to upgrade your system now.
Author Bio:
About ESET
ESET is a global internet security company, providing threat detection solutions for businesses and consumers in more than 200 countries and territories.
