Healthcare Systems Need to Learn 2020’s Cybersecurity Lessons Now
There are a lot of cybersecurity lessons to learn from 2020, and the healthcare industry is no exception. Healthcare is transitioning out of hospitals and into other settings and environments. Non-COVID patients have been encouraged to stay at home this year in order to avoid overwhelming hospital systems. In an effort to deal with significant COVID testing and treatment, emergency hospitals were established all across the globe. Of course, the primary goal has been to deal with the pandemic, so the security posture of these emergency healthcare IT networks has not necessarily been the number one priority.
Tenable found that over 46 percent of the breaches in the healthcare sector were caused by ransomware attacks, so it’s imperative that organizations shore up their cyber incident response teams. When strengthening those teams, organizations should work to improve communication protocols and implement threat detection practices.
More than 700 breach events from January to October 2020 resulted in over 22 billion records exposed, according to Tenable. Organizations need to take a deeper look at the cybersecurity lessons from last year and prepare their IT teams and responses now.
COVID-19 has put a renewed spotlight on the importance of defending against cyberattacks and data breaches as more users are accessing data from remote or non-traditional locations. Crisis fuels cybercrime, and we have seen hacking increase substantially as digital transformation initiatives have accelerated and many employees have been working from home without adequate firewalls and backup protection.
The adoption of telehealth and telemedicine requires special attention in terms of cybersecurity. Aggressive adoption without consideration of cybersecurity risks will result in an unstable industry and patients will be at risk. It is imperative for medical device manufacturers and healthcare providers to take a risk-based approach when considering a transition from hospital monitoring and treatment to home monitoring and treatment. Security risks must be considered at all stages of a device lifecycle, from concept, to development, to usage, and right through to decommissioning. Medical device manufacturers must now take into consideration the fact that many medical devices will communicate via unprotected networks and therefore require that appropriate security features be built in or retrofitted to a device.