Being a hospital CIO can be an unenviable – and sometimes nearly thankless – job even at the best of times. Things have arguably gotten even worse for health IT leaders as COVID-19 caseloads mount and the need to slap together solutions addressing the pandemic grows.
Given this level of chaos, it’s predictable that cyberattackers would materialize en masse to see if they can exploit newly vulnerable hospitals. And according to an article in USA Today, that’s exactly what’s happening now.
According to the story, the pounding hospitals take from malign hackers has gotten much worse since the pandemic settled in. This could prove to be a disaster for some facilities, particularly given the extent to which staff members have retreated to their home offices and hospital budgets have been compromised by the costs of COVID-19 care and the lack of elective procedures.
The article reports that between March and April of this year, IBM saw a 6000% increase in spam attacks targeting IT systems, many of them belonging to healthcare facilities. If you want to learn more about the growth of these attacks and what to do about them, we’re hosting two free webinars. The first is focused on Cybersecurity’s Impact on Patient Safety and Trust and the second will look at How Healthcare Institutions Are Being Attacked and What You Can Do About It.
One example of this growth can be found at Seattle Children’s health system. Chief information security officer Gary Gooden, who spoke with USA Today, said it saw a doubling of attempted hacking attacks in March. Most of them were phishing emails designed to get staff members to click on a malicious link and give the cyberattackers access to Seattle Children’s systems, he says.
Often, these phishing attacks leverage basic information about the spread of the coronavirus. Others dangle offers of scarce personal protective gear.
The sad truth is that patient health data has always been particularly desirable given the high price it commands on the black market. It has unique characteristics that justify the price, the story notes. For example, if black-hat hackers manage to capture live credit card numbers, the numbers stop being valuable as soon as the customer cancels the card. Meanwhile, medical record numbers don’t work that way and patient data remains what it is forever.
A grim corollary to this latest wave of hacking attacks is that children’s hospitals are particularly attractive targets. When cybercriminals steal data on newborn children or toddlers, they have “a free run for 18 years to utilize these personas,” Gooden noted.
Of course, healthcare CIOs have a wide array of protective security strategies from which to choose, including the use of multifactor authentication, warning staff about spam, and encrypting patient information. However, given the pressures institutions are under, few have the bandwidth to step up their security precautions. What’s more, these institutions may be facing new security vulnerabilities created by the rapid deployment of infrastructure that hasn’t been tested and hardened as much as usual.
We can only hope that healthcare organizations find ways to balance the need to fend off newly-emboldened cyberattackers with the demands the pandemic has already placed on them.