The projected losses have resulted in temporary furloughs of many health system employees, pay cuts and adjustments of working hours. The decision to eliminate elective surgeries and outpatient visits is likely the right decision in terms of protecting the safety of patients and staff, and also preserving limited personal protective equipment (PPE), but it has led to significant reductions in revenues.[9] The sweeping pay cuts and furloughs across the health sector could result in disgruntled employees becoming insider threats that may compromise the confidentiality and integrity of sensitive health information.
Another potential area of concern due to COVID-19 is the prescription drug supply and the medical supply chain serving healthcare organizations. Experts are questioning whether the current supply of certain prescription drugs is adequate for the potential expansion of demand due to the COVID-19 pandemic.[10] Currently, the Food and Drug Administration (FDA) is monitoring the medical product supply chain, asking suppliers to evaluate their entire supply chain from active ingredients to finished products.[11] Similarly, the Federal Bureau of Investigation (FBI) is warning consumers and potential purchasers to be vigilant and on the lookout for fraudulent sales of PPE.[12] To enhance network and IT security, healthcare sector organizations can proactively review and implement the best practices in Health Industry Cybersecurity Practices (HICP): Managing Threats and Protecting Patients.[13]
Healthcare sector enterprises must employ multi-faceted risk mitigations
It is critical for healthcare delivery organizations to stay vigilant and fully understand how to identify potential threats to their networks. As we receive more updates on the developments of COVID-19, it is widely anticipated that cyber criminals will increase their attacks against the healthcare industry, because healthcare Information Technology (IT) infrastructure and remote work capabilities are stressed and security is often not optimal. Organizations should take a multi-pronged approach to managing risks over the short and long term. Recommendations and considerations as we continue to adjust to the present reality include the following:
Now:
- Due to the increase in teleworkers, evaluate your enterprise remote connectivity and authentication capabilities (e.g. Remote Desktop, VPN, WebEx).
- With increased threat actor activity targeting healthcare industry remote workers, apply all available security updates for VPN and firewall configurations.
- Encourage remote workers to update and patch their personal devices that share the same network with their enterprise assets.
- Advise employees to control access to home Wi-Fi networks by using strong passwords and avoiding default factory passwords.
- Review current email security controls with consideration of the current remote workforce posture.
- Set group policies so that enterprise assets deployed remotely can only access PHI without the ability to save it locally, or ensure that encryption is enabled first.
- Provide links to official resources for pandemic-related information to avoid the spread of disinformation within your organization.
- Establish formal and transparent channels for corporate messaging to highlight what the enterprise is doing to address this pandemic.
- Assume each VPN connection (or reconnection) is potentially “compromised,” as users’ home networks (or those of their neighbors) could contain compromised personal devices.
Next:
- Test the ability to recover from your backups in a timely manner, with a keen eye to ensuring your organization is backing up all the data it needs in a format that is accessible yet secure enough to prevent either explicit or inadvertent tampering or corruption. In the event of a ransomware attack, data security and availability are vital.
- Assess and implement new security analytics models to account for privileged activity and use of new administrative tools and services that could reveal threat actor activity within the network.
- Review your external Incident Response (IR) provider and consider an additional external provider if a more appropriate response time is needed.
- Process HR changes as quickly as possible and reduce access for employees with status changes in a prompt manner.
- Provide security operations with lists of furloughed, pay-reduced and terminated employees so that they can create alerts for those accounts performing actions while on furlough, which could indicate insider activity or threat actors with compromised credentials.
- For protection against DDoS attacks, consider using behavioral detection-based tools that learn normal users’ behavior, and block network traffic that does not conform to the normal behavior.
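One way to implement the furlough-roster alert described above, as an added example that is not part of the original article. The roster and event formats, account names and field names are constructed for illustration, and treating pay-reduced staff as still expected to work is an assumption.

```python
import csv, io
from datetime import datetime

# Constructed HR roster: status start date, optional end date (blank = open-ended).
ROSTER_CSV = """account,status,start,end
jdoe,furloughed,2020-04-06,2020-05-04
asmith,terminated,2020-04-10,
bnguyen,pay_reduced,2020-04-01,
"""
# Constructed access events; the same user appears under several logged name forms.
EVENTS_CSV = """timestamp,account,action,source
2020-04-03T09:12:00,jdoe,vpn_login,203.0.113.10
2020-04-15T02:41:00,CORP\\JDoe,vpn_login,198.51.100.7
2020-04-15T02:55:00,jdoe@example.org,ehr_export,198.51.100.7
2020-04-20T11:00:00,asmith,mailbox_access,192.0.2.44
2020-04-21T08:30:00,bnguyen,vpn_login,203.0.113.25
2020-05-05T08:00:00,jdoe,vpn_login,203.0.113.10
"""
# Assumption: pay-reduced staff still work, so only these statuses mean "no activity expected".
NO_ACTIVITY = {"furloughed", "terminated"}

def normalize(account):
    """Reduce DOMAIN\\user and user@domain forms to a lowercase bare username."""
    account = account.strip().lower()
    if "\\" in account:
        account = account.split("\\", 1)[1]
    return account.split("@", 1)[0]

def load_roster(text):
    roster = {}
    for row in csv.DictReader(io.StringIO(text)):
        start = datetime.fromisoformat(row["start"])
        end = datetime.fromisoformat(row["end"]) if row["end"] else None
        roster[normalize(row["account"])] = (row["status"], start, end)
    return roster

def find_alerts(roster, events_text):
    """Return events by no-activity accounts that fall inside their status window."""
    alerts = []
    for ev in csv.DictReader(io.StringIO(events_text)):
        user = normalize(ev["account"])
        status, start, end = roster.get(user, (None, None, None))
        if status not in NO_ACTIVITY:
            continue
        ts = datetime.fromisoformat(ev["timestamp"])
        if ts >= start and (end is None or ts < end):
            alerts.append((ev["timestamp"], user, status, ev["action"], ev["source"]))
    return alerts

if __name__ == "__main__":
    for alert in find_alerts(load_roster(ROSTER_CSV), EVENTS_CSV):
        print(alert)
```

Normalizing account names before the lookup matters because VPN, directory and application logs rarely record the same user in the same form, and a furlough end date keeps returning staff from generating alerts.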
Beyond:
- Consider deploying data loss prevention (DLP) to endpoint devices to restrict actions like saving, copying or transmitting sensitive data without disabling overall functionality.
- Update and test your IR and Disaster Recovery (DR) plans to ensure they are applicable to the current state of your workforce.
- Review, update and recommunicate employee cybersecurity training. Be sure to highlight the latest threats to your organization and employees.
Summary
As the healthcare industry adapts to changing workspace needs in the face of the pandemic, we highlight the risk factors to watch out for to help the healthcare sector remain cyber resilient.