Healthcare is a treasure trove of private data that is valuable to cybercriminals. With interlinked networks and IoT devices, it’s ripe for the picking. Cybersecurity no longer is just a financial and privacy concern. It also could mean life or death.
Most hospitals have swaths of staff, and every member of their network has the potential to be lured in by traditional phishing methods, bad links in emails, and more. Combine this with device and network exploitation, and you have a recipe for a data disaster.
Now that healthcare has been under excruciating demand and pressure from the COVID-19 pandemic, cybercriminals are taking advantage. Doctors and nurses are too busy saving lives to worry about network security and IT.
Cyber-attacks Target Healthcare
Recent research from McAfee showed that there was a 630 percent increase in the number of external cloud attacks between January and April 2020, with healthcare the second-most targeted sector behind financial services.
In April, Microsoft alerted several dozen hospitals in a “first of its kind notification” that their gateway and VPN appliances are vulnerable to ransomware groups actively scanning for exposed endpoints.
Interpol has also recently issued a Purple Notice regarding the heightened threat of ransomware attacks on healthcare organizations at the forefront of efforts to combat COVID-19.
Especially alarming, according to Infosecurity Magazine, is what cyber-attacks could mean for the use of technology to diagnose and treat patients, including IoT devices that are implanted in patient’s bodies. Healthcare services increasingly depend on technology, including autonomous robots used in surgery and IoT devices that pump medicine into the human body. The performance of these systems could be significantly affected if they are connected to poorly secured networks that come under attack.
Secure Your Healthcare Network Now
Emerge IT Services conducts a thorough review of its healthcare clients’ networks. Many security measures could be recommended. For example, with so many connected devices and systems in a typical healthcare setting, different aspects of the network should be separated.
A multi-layered system of checks and balances also should be in place for larger systems within the network, such as connected machines and devices, and medical departments. Using a next-generation firewall as a unified threat management system, captive portal logins should be used so it is easy to identify who is logging into the system.
Segmentation is also important. Devices within the network, medical equipment, lab equipment, or heart monitors that have any connection to the internet should be separated from workstations where patient records or billing information are accessed. This separation helps ensure that if one part of the network is attacked, it won’t affect life-saving devices or the staff’s ability to administer patient care.
Passwords on all external connection points, and securing all endpoints is equally important.
A comprehensive network security strategy will lock away the sensitive information and make it difficult for a cyber thief to access, even if he or she gets into your network.
Train Your Employees on Threat Awareness
Training of all employees who access the network is critical. You need to ensure that they are trained in threat awareness and how to avoid letting unauthorized users onto your network.
We know that with all of the pressures the COVID-19 pandemic is putting on healthcare facilities, network security probably isn’t top-of-mind. But we also know cybercriminals are capitalizing on the pandemic, and health-care facilities are a top target.
If you would like to talk to one of our knowledgeable technicians about how to review and improve your network security, call Emerge today at 859-746-1030.