Why healthcare providers must take action to eliminate cybersecurity risks
The pandemic has driven healthcare organizations to make a rapid pivot to digital technology. This has resulted in a surge in telehealth, telemedicine and connected technologies. In addition, with non-essential employees working remotely, this has expanded the threat landscape and cybercriminals are taking advantage of the new normal.
There has been a surge in pandemic related cybersecurity attacks. According to an INTERPOL report, since the pandemic, there has been a 22% increase in malicious domains; 36% increase in malware and ransomware; 9% increase in phishing, scams, and fraud; and a 14% percent increase in fake news.
In the healthcare sector, the number of data breaches has accelerated with 105 incidents in 2020 to date, affecting more than 2.5 million users. In Fortified’s 2020 Mid-Year Horizon Report, researchers found that 60% of healthcare breaches from the first half of 2020 were caused by a malicious attack or IT incident.
Healthcare providers must be cognizant of the risks driving the surge in security-related vulnerabilities and breaches. With healthcare organizations now relying more on technology, such as mobile applications, these apps hold more personal health information, again highlighting the importance of shoring up security vulnerabilities to prevent HIPAA breaches.
So what can healthcare providers do?
Identity authentication is essential to ensure that only authorized personnel have access to systems. This helps to protect data from the rising threats of ransomware, criminal hacking, phishing, and password attacks. Identity and access management is a core component of cybersecurity and puts password hygiene under a microscope. If a compromised password is in use, it can become an access point to the entire network.
Healthcare organizations can deploy the following steps to help solve the password problem.
- Make multi-factor authentication mandatory. Adopting additional authentication measures like adaptive authentication and biometrics adds more layers of protection, reducing the risks of a password attack.
- Deploy threat intelligence tools. These tools can automatically detect and prevent the use of compromised credentials. They are automated, which reduces the pressure on the IT team while improving security. By checking for exposed passwords before they are activated and monitoring on a continuous and ongoing basis, the risk of exposed passwords being used is removed. This approach as it stops systems from being an easy target for password-based attacks.
- Focus on exposure, not expiration. End the cycle of password resets. Don’t waste time and resources resetting passwords when the crux of the problem is exposure.
- Educate employees. Healthcare providers must continually educate employees on password best practices. This can help instill better security hygiene and discourage the use of weak passwords, password reuse and password sharing. Another simple step to alleviate password problems is to make every employee use a password manager before accessing any systems.
The Path Forward
In the rush to deliver connected healthcare services, providers must prioritize security to mitigate the growing threat vector. With the reliance on connected healthcare systems only poised to increase, organizations must continue to shore up their cybersecurity strategies and not overlook the basics, including identity access management and securing the password layer. If the pandemic has demonstrated anything, it’s about how critical it is to take preventive measures rather than hoping the problem will disappear.