The COVID-19 outbreak is putting a serious strain on the resources of all aspects of the healthcare industry, and IT is one of the areas in which it is struggling to manage.
With the number of cases climbing and the influx of in-patients and inquiries, the ability to stay on top of cybersecurity has been increasingly challenging. As it stands, health services are ill-equipped to provide adequate cybersecurity support, at both an organizational and individual level, yet there hasn’t been a time when this has been more critical.
How has healthcare IT been affected?
The COVID-19 outbreak has seen an increase in threats to cybersecurity. The WHO, US Department of Health and Human Services (HHS), and several hospitals across the globe have been victims of cyberattacks during the crisis. Instances of hacking, ransomware and phishing campaigns have been reported worldwide.
Sunday, March 15th, the HHS was reported to have been hacked and an automated text message was sent out, informing citizens of a national lockdown beginning Monday. This was quickly recognized as spam and promptly reported by Bloomberg. Although the attack was successful, it didn’t appear that any data was stolen.
One of the Czech Republic’s largest testing hospitals for COVID-19 was forced to shut down its entire IT network due to data security breach with catastrophic results. Surgeries and test results were delayed, patients had to be transported to different facilities and data transfer and storage was affected.
Why is this happening now?
The COVID-19 crisis has brought about new IT challenges for healthcare professionals. The main reason for this is the radical changes that have been made to the way the healthcare system works, where organizations have needed to adapt quickly to operational and functional challenges.
Current security protocols have had to be overlooked, and many may not apply to new systems and tools that have hastily been put in place. This is due to an influx of patients, extremely high demand for information and many healthcare professionals working remotely with access to critical systems and electronic hospital records (EHR). This level of uncertainty can be exploited by cyberattackers.
Roderick Jones, founder of Rubica cybersecurity, has been predicting coronavirus related phishing campaigns in North America since February, and now more than ever highlights that cyberattacks of all sorts should be expected to take advantage. He describes the healthcare system as an “obvious target” because of the strain hospitals are already under due to COVID-19.
What are the next steps?
The public sector is seeking more specialized services from private companies and in order to cope with the increased threat to cybersecurity, healthcare professionals are now relying on a more healthcare-focused Managed Service Provider.
It’s fundamental to maintain the safe storage and transit of EHRs, and a HIPAA compliant managed service provider is specially equipped to deal with “big data” from various sources.
The demand for telemedicine capabilities over new communication platforms and increased data security needs to be overseen so that medical professionals can focus on providing essential care.