The ongoing COVID-19 pandemic has elevated many stressors within the healthcare industry. More than ever, healthcare organizations need to ensure they are implementing robust cybersecurity strategies within their IT infrastructure that protect all of their stakeholders. To help you identify gaps and prevent cybersecurity threats in your IT infrastructure, this article isolates five ways that the pandemic has changed cybersecurity in healthcare.
More Employees Working From Home
The pandemic forced many employees to work from home. Currently, 71% of employed adults are working from home, according to the Pew Research Center. Unfortunately, several healthcare organizations were forced into this situation without work from home solutions that could support these changes. Healthcare employees need the right tools so that they can work from home securely and remain productive.
Changes to Physical Access to Technology
This crisis called for many changes to hospitals providing emergency care for their patients. These healthcare organizations had to resort to measures such as building test sites in the hospital parking lots or reallocating conference areas for emergency use. Given the sudden nature of this need, medical care facilities did not have time to check that their technology was secure in these new physical locations.
The Uptick in Data Breaches
In 2020, major data breaches impacted hundreds of thousands of patients across the United States. Here are a few examples of data breaches that could have been avoided with the right managed security strategy. In April 2020, a ransomware attack on Arizona-based Magellan Health affected over 365,000 patients. In July, the Florida Orthopaedic Institute based out of Tampa reported a data breach that affected over 640,000 individuals. Another data breach that occurred between April and May at Trinity Health in Michigan compromised patient personally identifiable information (PII) including their full name, address, contact information, hospital location and insurance information.
When compared to credit card data, PII is much more valuable on the Dark Web. According to the Dark Web Price Index 2020, a cloned American Express card with PIN tops the payment card menu at $35 a pop, while credit card details generally sell for as little as $12-20.
Accelerated Transitions to Telehealth
Nationwide stay-at-home orders and elevated concerns of contracting an illness during the pandemic accelerated the need for healthcare organizations to transition to telehealth environments. These changes included more video consultations and also increased patient monitoring for homeless patients. Also, pandemic-related health risks increased home-based critical care for treatments such as dialysis, infusion and cancer care. These levels of care removed the cybersecurity protections from within the physical walls of the healthcare organization to home care scenarios that can leave PII vulnerable to threats.
Employees Negatively Impacting Cybersecurity
Before the pandemic, research showed that employees could negatively impact the cybersecurity within the companies for which they work. Prior to the pandemic, a state of the industry report by Shred-it cites employee negligence as the main cause of data breaches. Their findings indicate that 47% of business leaders said human error such as accidental loss of a device or document by an employee had caused a data breach at their organization.
This research is especially relevant today, as the pandemic has put much strain on healthcare employees, making it a challenge for IT teams to enforce training and protection from threats. Some IT teams had to implement remote access for employees while knowing they were putting their healthcare organization at risk because they did not have the technology in place to ensure adequate cybersecurity. This included not having technologies in place to ensure that employees were following security protocols. Gaps like these could have easily opened the doors to cybersecurity issues such as VPN exploitation, cloud misconfiguration and data theft by employees.
With all of these potential risks to your healthcare organization, this is the right time to bolster your cybersecurity. Security awareness training can help circumvent many of the cybersecurity risks imposed by employees. Managed services providers like TPx can recommend the strategy and tools to help protect your company and do much of the heavy lifting for you. Request a free, no-obligation quote for more information.