The emerging cybersecurity threats targeting telemedicine and healthcare organisations in the wake of the coronavirus pandemic. Bindu explores the issue below and offers advice on what precautions to take in order to prevent cyber-attacks of this nature.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
We think the Covid-19 dynamics are creating more opportunity for malicious actors to target telemedicine and healthcare organisations as a whole. Cybersecurity threats to these organisations are real, especially in the wake of a global pandemic. Healthcare organisations are scrambling to expand their remote system access and management while adequately protecting sensitive information from malicious actors. It is expected that we will see more highly publicised ransomware attacks on hospitals, for example, with patients being diverted to other hospitals and an inability to access patient records to continue care delivery. From small, independent practitioners to large, university hospital environments, cyber-attacks on health care records, IT systems, and medical devices have previously infected many systems.
Given this current threat landscape amidst COVID, as healthcare organisations and consumers lean on telemedicine, it’s important to educate people broadly about the risks that come with it. Patients need to understand that their data belongs to them and that no provider safeguards can replace their own responsibility to make smart decisions about how and where they use virtual health services. Communicating that principle is one responsibility of a provider organisation that offers virtual services. So is the parallel responsibility to make sure physicians who use the system approach it with the same understanding. Although telehealth is going to be a sought-after platform given the current situation, practitioners will have to take certain precautions to prevent cyber-attacks. To address this challenge, an organisation needs a robust authentication process before giving access to data externally and offer educational and training programs internally. Specific to telemedicine, we expect threat actors will focus on device security, patient and provider identification as well as access system-level security vulnerabilities.