Posted on February 11, 2021 at 3:59 PM
A recent report revealed that the COVID-19 pandemic has provided more opportunities for cybercriminals to hack healthcare organizations than ever before.
The report analyzed the breach reports by the U.S. Department and Health Services last year. It indicates that for the second half of 2020 alone, there were 21.3 million breaches, which is an increase of 36%. And about 70% of those breaches were linked to third-party breaches.
Executive healthcare strategist at CI Security Drex DeFord stated that organizations need to improve their security to keep their systems safe. He also hinted about the safety of business associates and their protection against cyberattacks.
“We must redouble our efforts to make sure our business associates are secure operators,” he stated.
Cloud cybersecurity firm Bitglass also agreed that the threat actors are mostly taking advantage of a vulnerability found in third party connections to breach organizations.
The report also revealed that threat actors attacked all areas of the healthcare system, including healthcare organizations, hospital systems, rehabilitation, research labs, as well as life science.
Hackers took advantage of COVID-19 focus
While responding to the high demands of the COVIFD-19 pandemic, hospitals focused more on the medical care of victims and other related issues about the pandemic. The pandemic demand coupled with the demands of other health issues affected their attention to cybersecurity.
As a result, the threat actors took the advantage to pounce at the healthcare organizations, who were very vulnerable at the time.
Besides, the shift to remote work new vendor agreements and new sites of care also increased the security risks. It created a new wave of opportunity fr cybercriminals to strike, which explains why the attack tripled in 2020.
As the COVID-19 virus keeps causing more situations, cybercriminals are not relenting in their efforts to make gains or disrupt processes.
While some of these cybercriminals are looking for financial gains, the majority are often state-sponsored actors looking for important data regarding vaccine production.
Recent analysts show that the total number of accessed patient records almost tripled in H2 2020 compared to the level in H1. Interestingly, 97% of the hacks were linked to malicious hacking incidents rather than other causes.
Healthcare centers should use a holistic approach
The report revealed that a single breach of a business associate can send multiple reports to HHS.
The report also issued advice to healthcare organizations on several protocols they need to follow to make sure they are secure.
They should holistically evolve security programs, revisit security basics, deploy access management software, take advantage of cloud providers, protect work-from-home environments, pay attention to telehealth, and make security a procurement activity.
The report also reveals that the protection of healthcare systems doesn’t have a magic pill. Rather, it requires a multitude of actions to prevent these breaches because they come in a wide range of formats and attack different health organizations.
CI Security analysts also revealed that the threat actors are now targeting third-parties, who provide side services not offered by the main company.
Hacking activities still prevalent in 2021
A few days ago, NBC revealed that a cyberattack in November has led to the exposure of thousands of patient records on the darknet.
The attackers are not relenting in their efforts to attack organizations in 2021. Although the introduction of vaccines for the pandemic has helped to reduce the job of healthcare centers, the attack is still heated. Security experts have also revealed that the COVID-19 pandemic is likely to pose a new challenge in 2021 when it comes to cybersecurity.
The healthcare systems should also employ identity access management systems to ensure easy control and monitor of employees’ use of data.
The SolarWinds breach also affected the healthcare sector, as many of them use the software. It opened them to the same type of security issue faced by government agencies, the US military, and Fortune 500 companies that were affected.