COVID-19 and Telehealth: Cybersecurity Issues and Solutions

36

Healthcare providers’ primary mission is to provide the most cost-effective care, but since they tend to have limited resources for managing cybersecurity, they may not succeed in delivering cost-effectiveness as they are targets for cyberattacks. Due to limited resources, many healthcare providers generally do not have strong information technology and security dedicated to implementing cybersecurity practices and controlling cyberattacks. 

By moving to an online environment with telemedicine, greatly influenced by the COVID-19 pandemic, healthcare providers can continue providing services. Since providers implement a work-from-home setup or virtual appointments they conduct in their office, they have to use their devices and network as a requirement to proceed with their work. While healthcare providers may think their devices and networks are secure, there are cybersecurity issues that they should be aware of that require further protection.

Healthcare cybersecurity during the COVID-19 pandemic can be concerning on account of rising cyber-threats and privacy breaches targeting vulnerable systems globally. Cybercrime quickly adapts to changes in every worldwide situation. When the COVID-19 pandemic started, malware cyberattackers identified common vulnerabilities, and they exploited their vulnerabilities by attempting attacks. 

Healthcare providers must be prepared to stop cyberattacks to protect the availability of essential health services as well as the confidentiality of medical information. 

What exactly are the COVID-19 healthcare cybersecurity issues and solutions? 

What are common COVID-19 healthcare cybersecurity issues?

There are three types of cyberattacks occurring during the COVID-19 pandemic. These three common cybersecurity issues are:

  • Scams and phishing
  • Malware
  • Distributed denial-of-service (DDoS) 

The Advanced Persistent Threat (APT) and other cyber-criminal groups perform COVID-19 related cyberattacks such as scams and phishing at vulnerable healthcare organizations. These cybercriminal groups are taking advantage of the pandemic for various motivations. For example, they collect information related to COVID-19 vaccines by establishing different strategies such as malware, phishing, or ransomware. 

Distributed Denial-of-Service (DDoS)

DDoS is the most indefensible cyberattack on online servers today, as it makes a significant impact on its victims. A distributed denial-of-service attack exploits various attack sources, compared to previous denial-of-service (DoS) attacks. DDoS is being spread using numerous hosts to start a correlated DoS attack against multiple targets, which effectively intensifies the attack and makes defense more complicated. 

Scams and Phishing

Scams and phishing are the most effective and common types of cyberattacks. Based on recent statistics, the success rate of phishing attacks is 30% or higher. Email, voice, and SMS are examples of phishing attacks targeting vulnerable healthcare organizations’ systems by enticing them with COVID-19 related topics. 

According to KnowBe4, there was a 600% increase in COVID-19 related phishing email attacks in Q1 of 2020. Cybercriminals use more subtle ways to lure victims, such as HTTPS encryption protocols in their websites — 75% of phishing sites have SSL. Moreover, Software-as-a-Service (SaaS) and webmail are the most targeted phishing sectors. 

Malware

Malware includes spyware, a Trojan horse, computer viruses, worms, and ransomware. During the COVID-19 pandemic, APT and other cybercriminal groups have exploited systems by spreading multiple viruses and malware through emails and websites. Certain types of malware, such as ransomware, are more effective for institutions heavily involved in dealing with the pandemic.

During the COVID-19 pandemic, healthcare organizations are one of the most targeted systems by cybercriminals. Numerous hacking attempts have highlighted the issues associated with cybersecurity in the healthcare sector. 

Since telemedicine is generally being run by computers and mobile devices — meaning, using the internet to access services — you can’t help but think about how to avoid these different types of cybercrime issues that may potentially affect your practice. 

You can protect your practice from cybercrime during the COVID-19 pandemic and in the future by taking the necessary steps.

How do you protect your healthcare practice from cyberattacks during COVID-19 and beyond?

It is important for medical practices to take a comprehensive approach to cybersecurity with solutions — during the COVID-19 pandemic and thereafter. Some of the examples of a comprehensive approach to cybersecurity include risk management, CERT Resilience Management Model (CERT-RMM), and integrating cybersecurity into budgeting and strategic planning. It is crucial that healthcare organizations improve the protection of their data and assets from cyberattacks by leveraging their defenses.

To improve cybersecurity in healthcare, you can follow these tips and prevent getting victimized by cybercriminals: 

  • Use a firewall
  • Install an antivirus software
  • Use strong passwords
  • Enable two-factor authentication
  • Install a secure virtual private network (VPN)
  • Install anti-malware software on all network-connected devices

From the confidentiality of patient information to insurance rates for patient care, cybersecurity influences every aspect of medical practices. The number is increasing when it comes to healthcare-related cyberattacks — an indication that smaller healthcare providers are falling victim to cybercriminals at an increasing rate. These providers must invest in a cost-effective and innovative telemedicine software to ensure security and seamless workflow in their practices.

To protect your health system during COVID-19 and when using telehealth, get Curogram.

With Curogram, you can update to a more secure healthcare software in your practice. 

Curogram is an easy-to-use HIPAA-compliant telemedicine software that protects both your patient’s information and your practice from harm (cyberattacks) and potential financial loss. By using the software, you can continually develop effective strategies while keeping health records and other sensitive data safe, even when communicating over texts with patients. It’s an effective solution to cybersecurity issues.

References:

https://www.who.int/about/communications/cyber-security
https://www.bloomberg.com/news/articles/2020-03-16/u-s-health-agency-suffers-cyber-attack-during-covid-19-response
https://www.reuters.com/article/us-healthcare-coronavirus-gilead-iran-ex-idUSKBN22K2EV
https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware/
https://scholar.google.com/scholar_lookup?hl=en&volume=17&publication_year=2018&pages=2512-2523&journal=IEEE+Trans+Mobile+Comput&issue=11&author=L+Xiao&author=D+Xu&author=NB+Mandayam&author=HV+Poor&title=Attacker%E2%80%90centric+view+of+a+detection+game+against+advanced+persistent+threats#d=gs_qabs&u=%23p%3D4vLbHBcV2kMJ
https://link.springer.com/article/10.1007/s11277-015-2510-3
https://www.tessian.com/blog/phishing-statistics- 2020/
https://blog.knowbe4.com/q1-2020-coronavirus-related-phishing-email-attacks-are-up-600
https://www3.weforum.org/docs/WEF_COVID_19_Risks_Outlook_Special_Edition_Pages.pdf
https://www.cps.gov.uk/legal-guidance/cybercrime-prosecution-guidance
https://ieeexplore.ieee.org/document/6569314
https://resources.sei.cmu.edu/asset_files/Handbook/2016_002_001_514462.pdf