There is no doubt to anyone who lived through it that the year 2020 will be marked in history majorly by the Coronavirus pandemic that rocked the world and introduced us to many new things. From masks to social distancing to government mandates and lockdowns, there were many things we had never really experienced before that quickly became our norms.
Not only were we all as humans overwhelmed and exhausted with pandemic and all that came with it, but so many individuals were stretched thin due to their professions. Some unexpected folks could be grouped here such as grocery workers, delivery drivers, and teachers who were Zoom-ing from home; but those on the front lines of the hospitals and healthcare systems — nurses, doctors, EMTs, and many more — were pushed to their limits by trying to not only take care of all of our normal issues we have as the public, but now this unprecedented virus was thrust upon their plate as well.
This year showed how resilient these front line workers are without a doubt, but it also showed an unfortunate side of the world of health — cybersecurity for these crucial healthcare systems must be improved in order to allow these workers to do their jobs. COVID-19 exposed some major existing holes in the cyber protection of these entities that have existed for years and need to be addressed.
Cybercriminals are always looking for ways to gain access to our personal, private information so that they can use it for their own malicious goals. One of the most common ways that they will go about doing this is by covertly accessing networks of companies and other entities that have our sensitive information saved but not necessarily well-protected. Hospitals have some of our most important and personal information in their databases, making them a prime target for an especially evil actor.
In October of 2020 alone, the healthcare industry experienced at least 63 data breaches with 500 or more records stolen by hackers. That is for just one month out of a hectic and chaotic year full of cyber attacks on hospitals. This amount for October is 75% less than that of the previous month’s data breaches on healthcare systems but 26% higher than the previous 12-month average for such attacks on this industry.
IoT Turns Online Risks into Real Threats
IoT devices can be incredibly helpful for those who use them, particularly for work in the medical industry. COVID-19 saw hospitals overwhelmed beyond their capacities, and many of those locations who were able to, expanded their operations into temporary tents as extensions of the physical structures they were accustomed to working in. While hospitals had already been implementing IoT technologies into their regular operations, these temporary tents to deal with Coronavirus influx of patients required even more reliance on such devices. Things like remote patient monitoring and smart continuous glucose monitoring (CGM) for those with diabetes are just a few of the many examples of IoT use in the medical industry.
Though these IoT devices are necessary tools, they pose some major security risks to a hospital’s cybersecurity infrastructure. With these devices, security is a “bolt-on” rather than a built-in feature, as Kathy Hughes CISO at Northwell Health aptly puts it. This means that the manufacturers of these devices have not yet decided to create these items with the necessary security features needed in order to protect them from attack. If a malicious person were to gain access to one of the aforementioned IoT features (such as remote patient monitoring) and they hijacked it for their own malicious gain, they have the potential to turn a cyber attack into a very real life or death scenario.
Ransomware — Holding Our Personal Data for Pay
Ransomware is a type of malware that is popular with cybercriminals because they not only access and steal our vital information, but they then hold the company or hospital for ransom until they pay up. In 2020, ransomware attacks on healthcare facilities spiked since these malicious actors were aware of the way hospitals were being overwhelmed by patients. These systems just did not have the time to address cybersecurity and these malicious actors knew that. In the United States alone, the third quarter of 2020 saw ransomware attacks across all sectors double, with more attacks of this type in the healthcare industry than any other.
While the Coronavirus pandemic will eventually end, healthcare cybersecurity is a risk that will need to not only be addressed in the coming year, but always. Identifying issues and investing in proper protection can help to defend these vital systems from very real threats.