
Three Areas of Cybersecurity Strength for Hospitals During a Pandemic


These are strange times. As information security leaders across the globe watch their attack surface multiply with the rise of remote work, catalyzed by COVID-19, cybersecurity teams in healthcare are under particular pressure because they are in charge of keeping not one but two worlds secure.

As society turns to healthcare organizations and hospitals for help in this crisis, information security leaders at these institutions are facing an exponential increase in medical IoT (MIoT) devices coming online, as well as increased interest from the hacker community in capitalizing on the situation within the hospitals themselves. They are in charge of protecting not just remote workers, but the hospitals themselves and the healthcare workers who are treating the patients in need. From attacks on the WHO to the spread of misinformation to hospitals hit by ransomware in the face of a pandemic, we must come together as a community more than ever to support the information security practitioners who make sure healthcare professionals can continue to treat patients in dire straits.

In this troubling time, we are sharing best practices that are worth tracking, when possible, for information security leaders and practitioners in the hospital and healthcare sector. With hospitals among the most targeted organizations during the COVID-19 crisis, the leaders of hospital information security organizations can focus on a few key initiatives to help support and protect the essential work being done both on and offline.

Training and Awareness in a Pandemic

With the increased coverage of healthcare workers in light of the novel coronavirus, phishing attacks targeted at these professionals are on the rise. For a rapid turnaround, ensure that all members of the healthcare system know the basics of what a phishing attempt looks like. It is in times of heightened emotion that the scrutiny we usually expect no longer applies. Know what phishing attacks on your organization have looked like in the past, and make sure that your organization is aware of them.

Keep Your Anti-Virus and Anti-Malware up to Date

While there is almost always a human element to an attack, as security practitioners there are ways we can reduce the potential of an attack. Start by making sure that your anti-virus and anti-malware software is up to date. In most cases, you can turn on automated updates so that it stays current.

Multi-Factor Authentication for Both Employees and Patients

Especially when working with a patient portal, adding another layer of security beyond username and password helps secure both the patient and the hospital's systems. Given the rise of cyber attacks across sectors, consumers are now used to 2FA or MFA and will expect that added layer of security.

Moving forward - monitor, monitor, monitor

The best course of action in the face of a potential attack is knowing that a bad actor has breached the perimeter before they can do any sort of damage. For remote workers as well as hospitals and healthcare centers, ensure that your organization has strong monitoring capabilities and an incident response plan in place should an attacker make it to the inside. Knowing what to prioritize, both for hardening security and for having policies and procedures in place should an attack occur, is crucial to staying secure during this unprecedented event.
