As healthcare workers fight COVID-19 on the frontline, health systems must fight off opportunistic cyber attackers.
H
ealth systems around the world are in a race against time to secure medical equipment, locate extra beds for intensive care and expand their clinical workforce by calling up retired healthcare practitioners. Healthcare clinicians are isolating and treating COVID-19 patients, finding creative solutions to medical device shortages and continuing their care of other critically ill patients – all while trying to fend off an increase in cybersecurity attacks and incidents.
With patient safety and care taking top priority, health systems want to ensure that critical issues are not overlooked as they respond to the surge in COVID-19 cases. To deliver the best outcomes for patients, clinicians must have access to secure, real-time and accurate data when creating treatment plans. With more connected medical devices, such as automated IV pumps, that stream real-time patient data to the treating clinicians, securing technology is more critical now than ever before.
Security enables patient safety and care by preserving the accuracy of the patient data, while still protecting patient confidentiality and privacy. A cyber attack that makes patient data inaccessible to clinicians, or disables medical devices, could be just as damaging to the COVID-19 efforts, as a shortage of doctors.
Through teaming with health organizations that are fighting COVID-19, we have identified eight issues that are commonly overlooked as they respond to the pressures of the pandemic. Below, EY shares advice on immediate steps healthcare leaders can take to address areas that may have been overlooked:
1. Protecting and responding to the increase in cyber attacks
The challenge: COVID-19 has made health systems a target for cyber attacks.
What you can do:
- Become familiar with the new wave of cyber attacks targeting your health system. These include, but are not limited to, fraud schemes, denial-of-service attacks, attempts to steal patient information with the aim of committing insurance fraud, and the use of social media accounts to distribute malicious material.
- Re-establish the network traffic baseline needed to detect attacks. Network traffic baselines will have changed significantly as your workforce has shifted to working remotely, and new healthcare professionals step up to help during the crisis. Recalibrate security monitoring settings accordingly.
- Prepare to react quickly to a cyber incident by validating response and escalation procedures when handling security attacks.