Worldwide, we’ve taken many hits in the past year and a half. From the economy to healthcare and everything in between, COVID-19 has uprooted the daily lives and operations of people and organizations everywhere. Lost in the chaos of it all, there was IT security.
While cyber-related challenges such as legacy platforms and digitalization aren’t new for the healthcare industry, they’ve been magnified by COVID-19. According to a Threat Post report, cyberattacks targeting healthcare firms have increased a whopping 150% since the pandemic landed in the U.S. Not only is patient data at risk now, but attacks have evolved to put patients’ physical safety on the line.
The biggest security challenges stem from ransomware attacks, spear-phishing and insecure APIs. In September 2020, a Ryuk ransomware attack locked up Universal Health Services’ hospital systems for days. This attack resulted in widespread outages that delayed lab results and forced employees to divert patients to other hospitals. Similar ransomware attacks have tampered with lab results, disrupted devices, and even falsified information. Attack vectors like spear-phishing have included malicious links to COVID-related supplies like N95 masks, seeking to further spread ransomware through remote-access methods.
The influx of IoT devices connected to the cloud continues to complicate the situation. Medical devices may be unpatched or outdated, becoming vulnerable network access points. Flawed by design, the pandemic has exasperated existing vulnerabilities and challenges with medical devices.
The future of healthcare security is bright, despite the current environment. With the proper defense, healthcare organizations can ensure that critical infrastructure, and most importantly – patient data and physical safety – are secure. Here are three ways your healthcare organization can mitigate security challenges posed by COVID-19:
- Proactive monitoring programs: Healthcare organizations should adopt proactive monitoring programs to prevent the risk of breaches and conduct risk analyses to monitor their connected devices. SOC as a service (SOCaaS) serves as an effective way to support IT security teams in monitoring logs, devices, assets in the cloud, local networks, and endpoints off-network (prevalent in today’s work-from-home climate). Carolina Advanced Digital offers all-inclusive service suites for both managed risk and managed detection and response (MDR), helping organizations detect and respond to threats in minutes. The SOCaaS can also be implemented into the G Suite, Office 360, or cloud-hosted assets such as those in AWS and Azure, among others. To request a free demo or quote today, visit https://cadinc.com/services/security.
- EPP & EDR: To fight off ransomware attacks, you need an Endpoint Protection Platform (EPP) and Endpoint Detection Response (EDR) platform. Where the EPP blocks known threats, the EDR provides tools to hunt for threats, analyze intrusions, and respond quickly to attacks. Endpoint security solutions extend security controls in the data center to the endpoint, bringing increased visibility and control. Again, this mitigates risks including ransomware, malware and insecure APIs plaguing healthcare organizations today. Our expert engineering team is equipped to provide automated endpoint protection, detection and response solutions.
- Security awareness training: Make sure your IT security team and employees are well equipped to handle security risks. Implementing staff training and security awareness programs can help limit potential attack vectors. We offer security awareness training through partnerships with providers including KnowBe4 and Cofense which includes a phishing simulator to train employees to correctly identify email-based cyberattacks. When employees can feed actionable insights to their IT security team, organizations can eliminate easy attack vectors and better secure critical infrastructure.
Carolina Advanced Digital has decades of expertise servicing the unique needs of healthcare clients, including managing IoHT device security, supporting stringent Wi-Fi roaming and security needs for nurse paging, workstations on wheels (WOWs), and tablets. In addition to traditional Wi-Fi we design location services solutions for healthcare including way-finding for patients and guests, at-risk patient tracking, and contact and proximity tracing with a high degree of accuracy. We also enable healthcare through a myriad cyber security offerings such as SOC-as-a-Service, custom pen testing, vCISO, security awareness training and various controls/infrastructure security solutions. Contact us today to learn more about how we’re enabling healthcare organizations across the region.