Healthcare Cybersecurity in the time of Coronavirus
By Zeljka Zorz
On Sunday, the US Health and Human Services Department was ostensibly hit by a distributed denial of service (DDoS) attack that, luckily, did not impact the agency’s operation in a meaningful way. Its website, which provides information to the US public about how to cope with the Covid-19 situation, was not affected by the attack.
By now, those hoping that cybercriminals would spare healthcare organizations from cyber attacks while the Covid-19 virus spreads across the world must have realized that there are always people who have no qualms about exploiting a bad situation for their own advantage.
Nothing’s changed, really
“We’d like to think that in a world where everyone is effectively in the same boat, a sense of togetherness, an unwritten code of conduct, or even a sense of morality would prevent bad actors from doing bad things – even if just temporarily. This obviously is not the case and if anything should serve as a reminder to organizations that one threat hasn’t been traded for another,” Adam Laub, CMO, Stealthbits, told Help Net Security.
“To the contrary, individuals and groups that prey on the weak will likely look to take advantage of this dire situation, causing more disruption to organizations already reeling from the financial distress, business disruption, and human resource nightmare the coronavirus pandemic has inflicted in just a short period of time,” he added.
“What’s particularly disturbing about this latest incident at the U.S. Health and Human Services Department is that the intent of the attack appears to be driven entirely by malice, seeking only to prevent the men and women trying desperately to protect millions of American citizens from harm from doing their jobs, as well as spread false information in order to generate more panic and uncertainty.”
Patients might end up bearing the brunt of successful cyber attacks but, Covid-19 or no Covid-19, the danger for healthcare organizations has effectively remained the same – only the stakes got higher.
Healthcare organizations must remain vigilant on all fronts
It is crucial for healthcare organizations and agencies not to ignore cybersecurity and data protection at this moment.
Educating healthcare employees about the increased risk of ransomware attacks, Covid-19-themed phishing attacks and disinformation is more important than ever.
Nurses and other healthcare professionals are, according to Proofpoint, one of phishers’ preferred targets as they have access to all the data.
Generally, healthcare organizations share many weak links and attack surfaces as every other industry – phishing attacks on employees, cloud infrastructure and a remote workforce – but there are some challenges only they face, notes Sam Roguine, a director at Arcserve.
These include the security of medical devices, Wi-Fi access for patients (the patient Wi-Fi network should be fully isolated from the primary one) and, at the moment, shifting priorities driven by the Covid-19 outbreak.
“If the scenarios in Italy or China were to repeat in the United States, many hospitals will be in ‘Code Black,’ which is when the influx of patients is bigger than what hospital can handle. Hospitals will have to prioritize patient care, reducing the focus on everything else, including business continuity and disaster recovery (BCDR) and cybersecurity. This is a gap that hackers are going to leverage,” he noted.
Healthcare organizations must implement best-in-class centralized security with enhanced detection and response, review security practices, and include every aspect of the organization’s operations – not just obvious IT systems like servers, but also medical devices, employees wearables, cloud services, patient systems, and more, he says, and recommends them to follow the NIST Cybersecurity Framework for every aspect of their operations.
“CISOs must remain very vigilant. Cyberattacks can and will affect hospital operations, and the ability of healthcare organizations to cope with Covid-19 patients. When CISOs plan for scenarios like this one, cybersecurity, backup, disaster recovery and continuous availability technologies cannot be underestimated or placed on the backburner,” he concluded.