Recognizing Health Care Cyberthreats Exploiting the COVID-19 Pandemic

By Kayla Matthews, HealthIT writer and technology enthusiast, Tech Blog
Twitter: @ProductiBytes

Hackers are taking advantage of the coronavirus chaos to launch new scams and exploit vulnerabilities in remote work technologies that have never been used at such large scales before.

Right now, health care facilities are under extraordinary pressure as layouts are reconfigured, new technology is deployed and some staff members begin working from home. Hospitals and their staff are also the most likely to be targeted, probably because of the pressure they are under.

The crisis has made cybersecurity knowledge and good practices more important than ever.

Here’s how health care personnel and IT workers can prepare themselves for scams targeting health care.

Recognizing and Responding to Common Cyberthreats
All health care workers who have access to facility networks should learn to recognize the elements of common cyberattacks, like phishing email scams.

Phishing attacks are malicious emails or other digital communications sent by cybercriminals and designed to look like they are coming from an official or reputable source.

Many of these attacks will take advantage of current events — like COVID-19 and the federal relief response — to make themselves seem more urgent. Others will disguise themselves as emails someone may be expecting, such as a shipping confirmation report or notice of account activity.

These emails may sometimes include malicious attachments that, if opened or downloaded, can install programs that steal data or use credentials to gain network access. However, this isn’t always the case. Many phishing attacks are more interested in personal information.

It may not be clear what a hacker wants at first. If an email looks suspicious but isn’t asking for something that seems valuable, it may still be a phish.

If someone receives an email they believe to be a phishing attack, they should report it to the IT team. The IT team will add the phishing address to the network’s spam filter, reducing the chances of further infiltration attempts.
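For IT teams handling these reports, the following added example (not code from the article) sketches how a reported message could be summarised before its sender is added to the spam filter. The keyword lists, the `hospital.example` domain and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# Lure themes named in the article; the keyword lists are assumptions.
LURES = {
    "current-event": ("covid", "coronavirus", "relief", "stimulus"),
    "expected-notice": ("shipping confirmation", "account activity"),
}
TRUSTED_DOMAINS = {"hospital.example"}  # hypothetical facility mail domain


def triage(raw: bytes) -> dict:
    """Summarise a user-reported message for the IT team's review queue."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    reply_to = parseaddr(str(msg.get("Reply-To", "")))[1].lower()
    body = msg.get_body(preferencelist=("plain", "html"))
    content = body.get_content() if body is not None else ""
    text = f"{msg.get('Subject', '')} {content}".lower()
    findings = [name for name, words in LURES.items() if any(w in text for w in words)]
    attachments = [part.get_filename() for part in msg.iter_attachments()]
    if attachments:
        findings.append("attachment")
    if reply_to and reply_to != sender:
        findings.append("reply-to-mismatch")
    # Only external senders are proposed for the spam filter; a flagged message
    # that claims an internal address may be spoofed and needs manual review.
    external = sender.rpartition("@")[2] not in TRUSTED_DOMAINS
    return {"sender": sender, "findings": findings, "attachments": attachments,
            "block_candidate": external and bool(findings)}


def constructed_sample() -> bytes:
    """Build a constructed report (not a real message) to exercise triage()."""
    m = EmailMessage()
    m["From"] = '"Relief Desk" <alerts@relief-desk.example>'
    m["Reply-To"] = "claims@mailbox.example"
    m["Subject"] = "URGENT: COVID-19 relief payment pending"
    m.set_content("Open the attached form to confirm your account activity.")
    m.add_attachment(b"constructed bytes", maintype="application",
                     subtype="octet-stream", filename="relief_form.doc")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(constructed_sample()))
```

The findings are review hints for a person, not a verdict: a message with no findings can still be a phish, as the article notes.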

Following Good Cybersecurity Practices During COVID-19
There are certain practices individuals can follow to reduce the risk that cybercriminals gain access to a personal computer or an employer’s network.

Always use strong passwords. Be careful when connecting to an unsecured network, especially if on a laptop or device provided by an employer. If someone is concerned about the security of their device or connection, they should reach out to the facility’s IT team.

Learning how to spot a scam can also keep people safe from health care cyberattacks. Certain sectors, like the gaming industry, have significant experience managing and responding to scams. Learning how security experts in these industries look out for attacks can help workers stay safe.

Health care IT and cybersecurity departments should be aware of current and emergent security threats. Remote workers can be harder to keep secure, especially if they offer telehealth services and need to comply with HIPAA.

Requiring employees to connect to facility networks through a VPN can help protect data being transferred from remote teams to on-site systems.

Communication with other cybersecurity professionals will be critical over the next few months. IT and cybersecurity teams should work together to stay on top of developments in the field, like the discovery of new vulnerabilities in WFH technology. It’s vital to understand what kind of challenges a network may face.

Keeping Health Care Networks Safe From COVID-19 Scams
The rise of cyberattacks isn’t likely to slow down soon. As health care facilities continue to change up their operations in response to growing pressure and adopt remote technology, they will become even more tempting targets for hackers.

IT and cybersecurity workers, as well as health care professionals, will need to remain vigilant over the next few months. Good cybersecurity practice and knowledge of common cyberattacks will be helpful in keeping medical networks and data safe.