Right now, the whole country is having a déjà vu and is saying, “Here we go again” as COVID-19 cases are on the rise due to the Delta variant. The United States alone is on average more than 100,000 new cases per day – the highest rate since early February 2021.

Last year, hospitals and health organizations suffered brutal ransomware and phishing attacks during the COVID-19 pandemic. Attacks have come from all quarters and have taken healthcare establishments by surprise in the face of the aggressiveness and sheer volume of attacks and cyber threats. Hackers attempted to breach electronic medical records (EMRs) to gain access to valuable private patient data, a commodity highly prized on the black market. Internal employees were caught rummaging through patients’ medical records. And the third-party vendors (like machine technicians) and programs (like telehealth) that healthcare systems trust and rely on have become means that hackers can use to gain access to medical systems and information.

Now, with the Delta variant, healthcare organizations are undoubtedly looking at last year and the attacks so far this year to prepare for future cyber threats that come with an increase in the number of COVID cases and hospitalizations. Looking back, we can see the lessons learned from the cyber bomb drop on healthcare organizations and use those lessons to fuel future cybersecurity strategies.

COVID was like a training ground for hackers.

Hospitals were more concerned with providing care to patients and making sure they had enough space, staff, and equipment such as ventilators and PPE. Naturally, they may not have focused on cybersecurity, but on saving lives. But hackers noticed it and took advantage of it, which is why data breaches have increased by leaps and bounds in the healthcare industry.

Hospital networks continue to be major targets for hacking.

Not only is some of the most valuable health data data sold in underground markets, but the high volume of patients (and therefore patient data) makes hospitals a gold mine for hackers. Hospitals also can’t afford downtime when it comes to responding to ransomware and phishing attacks. They can’t shut down operations like other critical infrastructure or supply chain organizations – it could literally be a matter of life and death. Just look at a few recent examples, not even from last year but from the last few months:

• Eskenazi Healthcare in Indianapolis had to turn away ambulances while security teams resolved a ransomware attack.
• Memorial Health System, which has 64 hospitals in its network, had to cancel surgeries and x-ray treatments at its West Virginia and Ohio sites due to ransomware blocking computer access to health systems .
• Sanford Health in Sioux Falls, South Dakota has diverted ambulances to other hospitals as teams recover systems affected by a ransomware hack.
• In 2021 alone, 38 cyber attacks disrupted the services of 963 healthcare facilities.

The impact of ransomware on healthcare facilities could not only cost hospitals money and resources but also human lives.

The attack surface for hospitals continues to expand.

Now more than ever, hospitals need more equipment, greater production of supplies and more advanced technology and devices, not to mention the computing needs of home health workers who need to access remotely to the network of a health system. Hackers are Houdinis with the Internet; they will take any devices connected to the internet (be it medical equipment, laptops or VPNs) and use them as a means of attack. This is all the more risky as most hospitals manually calculate device inventory and lack a reliable means to identify which devices are active or inactive on the network at any given time. Now that the Delta variant plays COVID on a loop, hackers can continue to find more vulnerable devices, connections, and access points to exploit.

“Hospital systems struggle to keep cybersecurity under control throughout the supply chain and have little information about the cybersecurity practices of their third-party vendors. – IT health security

Hospitals need more cybersecurity protection.

Unfortunately, hospitals receive threats from all corners of the cyber threat landscape. They cannot escape the internal threat or the dangers of an external third party; the entire operation of a hospital relies on its employees, staff, suppliers and contractors. This means that their systems must follow suit and have more stringent security measures.

• Internal access rights should be checked frequently to ensure that staff members accessing patient records are effectively authorized to access them. If there are any suspicious access attempts, they should be reported, reported and investigated.
• Principles of zero trust must be deployed; this means that all external access attempts must be authenticated and verified before access is actually granted to the individual. And if hospitals can use third parties who already have secure remote access methods in place, even better – one less access point they have to worry about.

Cyber ​​security is worth investing in.

The government is in the process of passing a $ 1 trillion critical infrastructure bill, where nearly $ 2 billion is spent on cybersecurity alone. This is all due to the serious and real consequences of recent cyber attacks on critical infrastructures such as JBS, Colonial Pipeline and Kaseya. The amount of money critical infrastructure spends on cybersecurity efforts should wake up IT and security teams in hospitals, as they are just as prone to attack, if not more, than critical infrastructure. A recent report from CyberMDX and Philips revealed these alarming statistics on cybersecurity investments in the healthcare sector:

• Only 11% of those surveyed said cybersecurity is a high priority expense.
  • Let’s look at this again – 89% of respondents (which includes health IT and infosec managers, biomedical technicians and engineers) said cybersecurity is not a high priority expense.
• Two-thirds of those surveyed said they did not track the ROI of cybersecurity spending.
• Large hospitals said they closed their doors for an average of 6.2 hours at $ 21,500 / hour after a cyberattack.
• Mid-sized hospitals shut down an average of 10 hours at a rate of $ 45,700 / hour when they experience a cyberattack.
• 50-75% of respondents are not protected against common cybersecurity vulnerabilities such as Bluekeep, WannaCry, and NotPetya

The survey also found that there was a huge talent shortage in healthcare cybersecurity, and most healthcare facilities were struggling to fill positions within 100 days of posting. Additionally, compliance teams are under-resourced and under-funded. How can hospitals stay safe and meet compliance guidelines when there is no one to ensure they are meeting regulatory standards?

“Oh yes, the past can hurt. But you can either run away from it or learn from it. “

This is an opportunity for the health sector to learn from the past. We know healthcare IT teams are hurting, exhausted and struggling. And we know they want to do everything possible to keep their patients and staff safe. As cybersecurity professionals, we can help.

SecureLink offers solutions that can automate and streamline many practices that will strengthen security measures and mitigate the threat of a hack:

• Patient privacy monitoring – This tool reviews all attempts to access electronic medical records (EMRs) systems and reports any suspicious access. He sends the suspicion report to the appropriate parties so that investigations can begin immediately. The tool also uses machine learning capabilities to adapt to data and systems across the healthcare organization so that it is always up to date on appropriate or inappropriate access.
• SecureLink Access Intelligence – Access Intelligence is a user access review tool that periodically examines user access rights and permissions. It audits access to the internal system and practices role-based access control to ensure that the right people have access to the right internal systems (and that the wrong people are kept out of those systems).
• SecureLink for Business – Healthcare organizations can use SecureLink’s remote access platform to securely provide remote access to third-party vendors and contractors. Third parties are one of the biggest threats to the health sector; they also depend on it simultaneously. If a healthcare facility needs to provide remote network access to a third party, the SecureLink for Enterprises solution offers a secure third party connection that verifies every user through Zero Trust and authentication methods, ensuring that every connection is as low risk. to the network as possible.
• SecureLink for providers – If you are a third party serving a healthcare organization, we can help provide the security hospitals seek. SecureLink for Vendors provides third parties with a secure remote connection to their healthcare customers’ network. You can give your customers peace of mind by providing them with the exact kind of protection and security they are looking for.

The good news is, we’ve been through this before and now you have support on your side. Let’s work together to secure your healthcare system and stop threats.

The article Solving the Healthcare Cyber ​​Security Crisis first appeared on SecureLink.

*** This is a Syndicated Security Bloggers Network blog from SecureLink written by Tori Taylor. Read the original post at: https://www.securelink.com/blog/solving-the-healthcare-cybersecurity-crisis/