These are strange times. As information security leaders across the globe watch their attack surface multiply with the rise of remote work, catalyzed by COVID-19, cybersecurity teams in healthcare are particularly pressured because they are in charge of keeping not one, but two worlds, secure.
As society turns to healthcare organizations and hospitals for help in this crisis, information security leaders at these institutions are facing an exponential increase in medical IoT (MIoT) devices coming online and increased interest from the hacker community to capitalize on the situation within the hospitals themselves as well. They are in charge of protecting not just remote workers, but the hospitals themselves and the healthcare workers who are treating the patients in need. From attacks on the WHO to spreading misinformation to hospitals hit by ransomware in the face of a pandemic, we must gather together as a community more than ever to support the information security practitioners that make sure healthcare professionals can continue to treat patients in dire straights.
In this troubling time, we are sharing best practices that are great to track, when possible, for information security leaders and practitioners in the hospital ad healthcare sector. As one of the most targeted attacks during the COVID-19 crisis, the leaders of hospital information security organizations can focus on a few key initiatives to help support and protect that essential work being done both on and offline.
Training and Awareness in a Pandemic
With the increased coverage of healthcare workers in light of the novel coronavirus, phishing attacks targeted at these professionals are on the rise. For a rapid turnaround, ensure that all members of the healthcare system know the basics of what a phishing attempt looks like. It is in times of heightened emotions that the scrutiny that we usually expect can no longer apply. Know what phishing attacks for your organization have looked like in the past and make sure that your organization is aware.
Keep Your Anti-Virus and Anti-Malware up to Date
While there is almost always a human element to an attack, as security practitioners there are ways we can reduce the potential of an attack. Start with making sure that your anti-virus and anti-malware software is up to date. In most cases, you can turn on automated updates to ensure that your software is always up to date.
Multi-Factor Authentication for Both Employees and Patients
Especially when working with a patient portal, adding another layer of security beyond username and password helps secure both the patient as well as the hospital’s systems. Given the rise of cyber attacks across sectors, consumers are now used to 2FA or MFA and will expect that added layer of security.
Moving forward - monitor, monitor, monitor
The best course of action in the face of a potential attack is knowing that a bad actor has breached the perimeter before they can do any sort of damage. In both the cases of remote workers as well as at the hospitals and healthcare centers, ensure that your organization has strong monitoring capabilities and an incident response plan in place should an attacker make it to the inside. Knowing what to prioritize for both hardening security as well as having policies and procedures in place should an attack occur is crucial to staying secure during this unprecedented event.
