Why a data security sting lurks in COVID-19’s long tail

The word ‘unprecedented’ seems to have been used on a daily basis during the COVID-19 pandemic, particularly when it comes to the impact of the virus on patients, clinicians, resources and care delivery. But it has resonated equally strongly with hospital chief information security officers (CISOs), for whom it can either stiffen resolve or ratchet up already stretched nerves as data security faces cyber threats on a whole new scale and level.

Far from arriving alone, the virus was accompanied by a host of cyber aggressors with an eye on the vulnerabilities that would almost certainly be exposed in the armour of healthcare institutions while attention and energy were diverted to the frontline of patient care.

Threats descended from all directions as organized cyber-crime breached hospital defenses to launch ransomware attacks. Some agencies even identified the hacking of coronavirus research lab systems by rival states as a real and growing threat. At the same time, the rapid rollout of new telehealth systems to reduce physical contact by enabling virtual patient communications and consultations was opening up a whole new front in the health data security war.

Cyber-attacks on the rise

Within weeks of the WHO declaring a pandemic on 11 March, the organization itself was reporting a five-fold increase in cyber-attacks on its own systems. In the UK, the C5 Capital alliance of cybersecurity businesses had already noted a 150% increase in attacks on healthcare systems between mid-January and March.

A series of high-profile incidents also made headlines. Access to systems across Brno University Hospital in the Czech Republic was disrupted and coronavirus test results delayed by a ransomware attack on the hospital’s research lab. In London, Hammersmith Medicines Research fell victim to a similar attack. And in the United States, the US Health and Human Services Department was hit by a DDoS assault.

By May, agencies including the National Cyber Security Centre (NCSC) in the UK and the Cybersecurity and Infrastructure Security Agency (CISA) in the US were advising healthcare staff to change passwords and implement two-factor authentication in the face of a rising tide of password spraying attacks.

Given the scale of this onslaught – and the immense potential value of a rapidly accumulating volume of patient data – it would not have been surprising for any institution to find itself caught on the back foot.

Source: Healthcare IT News