Page 5 - SFHN Dec 2020
Safeguarding from Cyberattacks
BY MICHAEL LEE

Healthcare organizations remain a popular target for cyberattacks in part because protected health information (PHI) is more valuable than most other types of data. A study from Experian found that medical records sold for up to $1,000 each on the dark web, whereas credit card numbers sold for just $100.

While trying to offer better and more efficient care, healthcare organizations are exposed to greater vulnerability. The growing use of telehealth, connected devices, data sharing and third-party partnerships all increase the number of access points for threat actors.

Unfortunately, the expanded use of technology has not corresponded sufficiently to increased investment in cybersecurity. For example, research by Gartner found that healthcare providers only devote about 5% of the IT budget to cybersecurity, even though more than four in five hospitals had experienced a significant cyber incident in the past year.

Inadequate spending on security also increases the likelihood that human error could expose PHI to a breach, as misconfigured databases and cloud architecture can lead to poorly secured medical records. Healthcare organizations, particularly those in public systems, are also more likely to be underfunded, understaffed and undertrained for cybersecurity. Legacy systems running on outdated technology are much more susceptible to cyber threats, particularly if an organization relies on unpatched software that has known vulnerabilities.

Unfortunately, deploying technology solutions without robust cybersecurity practices only invites new maladies.

Common Cyber Threat Vectors

According to the U.S. Department of Health and Human Services, their Office for Civil Rights was investigating 306 healthcare provider breaches that were reported between January and October 1, 2020. More than two-thirds of breaches were related to hacking or IT incidents, exposing organizations to significant HIPAA violations. Hackers often use social engineering tactics to get compromised credentials by manipulating a company’s employees to gain unauthorized access to sensitive data and systems.

Healthcare providers are also a common target of ransomware attacks, which use malware to control key systems and databases and then demand payment to restore access. More than two dozen healthcare providers were impacted by ransomware just during the first five months of 2020, and the American Hospital Association noted that ransomware tactics have specifically adapted to exploit vulnerabilities during COVID-19. According to a RiskIQ report, attackers deliberately target smaller organizations that are less likely to have strong cybersecurity practices. One small hospital in Colorado was struck by ransomware and subsequently found that five years of patient records were no longer accessible. Some hospitals affected by ransomware have even resorted to using paper records for tracking and treating patients, increasing the possibility of an error or delay that could directly impact patient safety.

Vishing is another type of cyberattack that has become more common during the COVID-19 pandemic. While phishing email scams have become common, and many organizations train employees to guard against them, vishing uses similar deception via phone calls that impersonate a trusted entity. The threat actor may try to get targets to disclose their login credentials or other sensitive information. The FBI and DHS issued a joint warning in August that remote workers in healthcare have been a top target of vishing scams during the coronavirus pandemic, seeking to exploit security gaps during the industry’s rapid shift to telehealth.

Spoofed login pages are another popular hacking tactic. According to a study by the email security platform IRONSCALES, more than 50,000 login pages and 200 brands were spoofed during the first half of 2020.

Healthcare organizations handle scores of sensitive data and rely on operational systems for care, but they may also have limited budgets for cybersecurity while facing an array of threats. That’s why it’s vital to focus resources on managed detection and response and increasing cyber resilience, which helps protect internal systems and secure the storage and transmission of high-value data.

Cybersecurity for All Industries

Digital tools and increased connectivity offer many benefits, especially as businesses mitigate the impacts of a global pandemic, but security should be top of mind as technology adoption accelerates. This is especially important for the healthcare industry, because the highly sensitive data that they collect, store and process is a high-value target for determined threat actors.

Continuous threat monitoring and coordinated management of security tools help to guard against vulnerabilities, but there are always new risks emerging, and this has been especially true during the COVID-19 pandemic. Many organizations have also tightened budgets during the economic downturn, although it’s foolish to skimp on cybersecurity. That’s why prioritizing specific areas for security resources is so crucial.

As healthcare confronts cyber threats that are increasing in both number and sophistication, it’s critical to prioritize spending on managed detection and rapid response, as well as overall cyber resilience. These are the cybersecurity must-haves in 2020. When supported by routine assessment of the technical infrastructure, alongside firm-wide security training for all employees, even businesses in the most frequently targeted industries can protect against the persistent barrage of cyber threats.

Top Priorities for Cybersecurity

1. Use managed detection and response services: Ensure you have security measures in place to continuously monitor, detect and respond to threats to the email system, network, software applications and all information system endpoints. Use advanced security information event management (SIEM) software, data visualization tools, artificial intelligence tools and security automation as needed to achieve 24/7/365 monitoring and instantaneous response.

2. Confirm information system resilience on a continual basis: Establish and periodically test the comprehensive incident response plan, business continuity plan and disaster recovery plan to minimize the potential damage from cyberattacks and protect operations.

3. Conduct diagnostic assessments of technical architecture: Regularly conduct penetration testing, network and endpoint assessments, vulnerability scanning assessments, email cyberattack assessments and more.

Michael Lee is Principal at BDO Digital.

Contact:
Alfredo Cepero, Managing Partner
305-420-8006 / acepero@bdo.com

Angelo Pirozzi, Partner
646-520-2870 / apirozzi@bdo.com
South Florida Hospital News southfloridahospitalnews.com December 2020 5