As the COVID-19 pandemic stretches on, healthcare continues to shift toward digital processes and experiences.
For patients, this means making more payments online and taking advantage of virtual care options when medical treatment is required but conditions aren’t critical.
Healthcare providers are altering business operations to facilitate more digital interactions. This includes a transition to remote work to help maintain social distancing and other physical precautions. This deeply digitized “new normal” also brings new exposure to cyberattacks.
Cybercrime Has Increased During COVID-19
The upsurge in remote working setups and the digitization of business operations creates a novel opportunity for hackers. Healthcare organizations are a leading target for cybercrime because of the sensitive nature and range of medical data and payment information that live on their networks. IBM Security’s 2020 Cost of a Data Breach Report noted that the median cost of a healthcare data breach is $7.13 million. Within weeks of COVID-19 being declared a pandemic, the U.S. Health and Human Services Department was hit by a distributed denial-of-service (DDoS) attack. In April 2020, the World Health Organization (WHO) noted a fivefold increase in cybersecurity attacks.
5 Types of Cybersecurity Attacks in the Healthcare Industry
These new digital exposures make healthcare organizations even more attractive targets for cybercriminals. Becoming acquainted with the tactics of hackers and other kinds of cybercriminals can help you recognize what to watch for and better defend against expensive data breaches.
You’ll want to keep an eye out for social engineering attempts – this method of intrusion, through digital or in-person interaction, is engineered to fool the user into breaking security protocol and divulging sensitive information. Hackers employ social engineering tactics to obtain employee credentials, undermine authentication systems, take control of social media accounts, and more.
In this article, we’ll examine five common types of cybersecurity attacks confronting healthcare today:
Business Email Compromise (BEC)
BEC scams attempt to secure confidential, personal or financial info from business contacts through email. Techniques include:
- Email spoofing (or masking) involves sending emails with bogus headers that mask the message’s actual point of origin. A cybercriminal takes advantage of this method to dupe employees into revealing confidential company and client information and setting up payments using fraudulent instructions.
- Client email compromise occurs when a hacker gains access to an employee’s email account or a corporate network in order to get a sense of the communication style of a company’s client or customer. The cyberattacker then emulates this style in interactions with members of the organization to commit fraud or appropriate sensitive information.
- Business partner email compromise is a scheme in which cybercriminals pass themselves off as an organization’s business partners or vendors by way of email exchanges in order to access confidential data and company information.
- A lookalike domain is designed to closely resemble the internet domain of a legitimate organization. Cyberattackers use these domains to set up email accounts and dispatch fraudulent messages to employees to gain access to crucial company data.
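As an added example (not from the original article), here is a small Python check a mail-security or IT team could run over incoming sender addresses to flag lookalike domains, covering the homoglyph swaps, typo-squats, different top-level domains and extra tokens described above. The allowlist of legitimate domains, the homoglyph table and the edit-distance threshold are constructed assumptions for illustration.

```python
"""Flag sender domains that look like, but are not, a trusted partner domain."""

# Constructed allowlist: domains this practice legitimately exchanges mail with.
TRUSTED_DOMAINS = {"examplehealth.org", "billingpartner.com"}

# Common visual substitutions used to build lookalike domains (assumed table).
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Maximum number of single-character edits still treated as a typo-squat.
MAX_EDITS = 2


def normalize(domain: str) -> str:
    """Lower-case a domain and fold homoglyphs, so 'examp1ehea1th.org' reads as 'examplehealth.org'."""
    folded = domain.lower().strip()
    for fake, real in HOMOGLYPHS.items():
        folded = folded.replace(fake, real)
    return folded


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance between two strings (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_sender(address: str) -> str:
    """Return 'trusted', 'lookalike' or 'unknown' for an email address such as 'name@domain'."""
    domain = address.strip().rstrip(">").rsplit("@", 1)[-1].lower()
    if domain in TRUSTED_DOMAINS:
        return "trusted"
    candidate_base = normalize(domain).rpartition(".")[0]
    for trusted in TRUSTED_DOMAINS:
        trusted_base = normalize(trusted).rpartition(".")[0]
        # Same name under another TLD, a homoglyph swap, a close typo, or the real name with extra tokens.
        if (candidate_base == trusted_base
                or edit_distance(candidate_base, trusted_base) <= MAX_EDITS
                or trusted_base in candidate_base):
            return "lookalike"
    return "unknown"


def flag_lookalikes(senders):
    """Return only the addresses classified as lookalike, preserving order."""
    return [s for s in senders if classify_sender(s) == "lookalike"]


if __name__ == "__main__":
    # Constructed sample senders, not real mail traffic.
    for sender in ["nurse@examplehealth.org", "ap@examp1ehea1th.org",
                   "ceo@examplehealth.co", "vendor@billingpartners.com",
                   "friend@unrelated.com"]:
        print(f"{sender:30} -> {classify_sender(sender)}")
```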
Phishing is the practice of sending counterfeit communications – typically emails – that appear to come from trusted sources in order to mislead victims into disclosing information or downloading malware. This approach often preys upon emotions and plays to a sense of urgency or fear.
Cybercriminals use this tactic to infiltrate systems and personal data or to perpetrate financial fraud. Typical types of phishing attacks include spear-phishing (targeting individuals instead of groups) and voice phishing, or vishing (attempting to elicit information through voice communications on the phone).
Cyberattackers use ransomware to strong-arm organizations by encrypting and withholding their data until a ransom is paid. Ransom costs differ based on the type of ransomware and the cybercriminals utilizing it.
The FBI’s 2019 Internet Crime Report states that the FBI received over 2,000 ransomware-related complaints with adjusted losses in excess of $8.9 million. Affected organizations run the risk of permanent data loss, which can make it difficult for the business to function properly.
In October 2020, the U.S. Cybersecurity and Infrastructure Security Agency delivered a warning about ransomware declaring that “there is an imminent and increased cybercrime threat to U.S. hospitals and healthcare providers.”
Remote workers commonly rely on mobile devices to meet their communication requirements. This creates an additional channel that cybercriminals can use to sabotage organizations. Malicious and spoofed company applications, the removal of operating system restrictions, and the use of public Wi-Fi can all increase exposure to attacks.
Compromised Business Social Media Accounts
Social media is a favorite platform for cyberattackers seeking to infiltrate organizations and users’ personal information. Their modus operandi is to take aim at both the business’s accounts and those of individual employees.
Using unauthorized and unprotected external applications to log on to social media accounts, human error, and engaging with phony accounts can all result in substantial security threats.
How Can Employees Help Prevent Healthcare Cyberattacks?
It’s essential to implement secure and compliant systems to defend against cyberattacks. Ensure that every employee is familiar with their role as well.
Further suggestions for averting healthcare cybercrime:
- Only use company-approved email platforms and tools. For extra protection, these tools should offer spam filtering and multi-factor authentication.
- Only click on links and open attachments from sources you trust.
- When communicating with coworkers or IT personnel, always confirm their credentials as well as any other business-related identifiers to verify their identity. Don’t hesitate to reach out to your IT professionals on their business phones to validate any remote access requests. Never divulge your password information.
- When working offsite, treat your computer in the same way as you would if you were physically in the office. Lock your screen when away from your computer and utilize strong passwords when updating your login details.
- Make sure that your software, internet browser, and operating systems are up-to-date.
- Keep your device’s antivirus and ad-blocking software on at all times.
- When using public Wi-Fi, don’t enter your personal credentials on any website (unless you’re using a VPN).
- When working on your home network, make sure to update the default password before you log on. Set up a password for yourself and your work, then come up with a separate one for guests and children.
If you’re looking to replace your current electronic health records system or you need to implement an EHR for the first time, give us a call at 877.884.3367 or click here to request a free demo.
EncounterWorks is a completely integrated system that combines data management, billing, and EHR functions into one easy, smart, and flexible platform. EncounterWorks EHR is designed to accommodate your practice’s workflow. Flexibility and customization options enable our EHR to efficiently adapt to any practice specialty, making us the perfect fit for ANY healthcare team.