The impact of COVID-19 on cybercrime has gone through a major target shift from small businesses and individuals to government bodies, critical establishments, and corporations.
The healthcare sector is one of the primary targets due to its vital human data which is more crucial today. As healthcare facilities becoming a major target for cybercriminals across the globe, it has become a priority for the healthcare sector around the world to take additional precautionary measures to protect their networks and endpoints from any intrusion.
This is affirmed by Ray Kafity, Vice President – Middle East Turkey and Africa at Attivo Networks and he says, “Cyber attacks on hospitals have risen both in frequency and severity in the past year. Security of hospitals and other critical infrastructures is of paramount importance as even a small attack can disrupt the functioning of the institution, which may lead to loss of human life. It’s important to factor in healthcare data, which is considered even more valuable than financial data because it contains critical information including prescriptions, treatments, reports and so on, making it a highly attractive target.”
Given the current trend and at the same time as a gesture of strengthening its continuous efforts to maintain the highest levels of data privacy and information security, the Department of Health (DoH) Abu Dhabi has introduced a new security audit program named ‘AAMEN’. This program will make sure healthcare facilities are taking all required steps to protect patients’ data.
Ray Kafity welcomes this initiative and believes this program will protect the significant data from misused for monetary benefits.
“We applaud the Abu Dhabi’s Department of Health for launching the ‘AAMEN’ audit initiative, which will be significant in ensuring that healthcare data is always available to the right people while keeping it secure from those that would use the data for financial gain.”
Cyber-attacks against healthcare facilities are not new. As health records retain some of the most extensive individual profiles, it is equally encouraging for scammers attempting to breach security, identity theft, or credit card scams.
Alongside, attempts at ransomware and data mining, have escalated. Unfortunately, stringent cybersecurity in the healthcare industry is in the nascent stage. Lack of digital training among personnel, insufficient policies and enforcements, and outdated tools make it an easy target.
Hackers know that health care is most likely to pay the ransom considering their critical services.
Adding to this Morgan Wright, Chief Security Advisor at SentinelOne says, ‘Healthcare remains a top target globally for attacks by criminal organizations and ransomware. It’s more than just the impact to data, it’s the critical operations that run the numerous systems supporting patient care. The number of devices inside a hospital that connects to a network has grown tremendously over the past ten years. This creates numerous opportunities to exploit vulnerabilities that remain unpatched.”
Failure to protect their critical data can lead to major chaos putting the reputation and management of a hospital at stake.
Morgan Wright adds “The price of failure in healthcare isn’t just reputational, it can literally cost lives like what happened in Germany in September. A ransomware attack on a hospital caused a patient with a life-threatening condition to be diverted from the closest hospital to one further away. These precious few extra minutes caused the patient to die before receiving care.
Healthcare organizations and hospitals must balance the need for effective patient care and vital outcomes with defending and protecting the systems that enable the delivery of these services. Keeping patient data private won’t succeed unless you secure the data first.”
There are several ways for healthcare facilities to protect themselves from a Covid-19 triggered cyber attack. They should invest in software and firmware with increased internal security. Keeping updated software with patches to protect against the latest threats can be the solution.
As per Ephrem Tesfai, Sales Engineering Manager, Middle East, Turkey, and Africa at Genetec “Healthcare facilities have become a primary target for cyber-attacks because of the sensitive data they hold. With the right investment in technology, healthcare facilities can empower their teams to be faster and more effective at protecting everyone, while keeping operations running smoothly. Every hospital wants its patients, staff, and visitors to feel welcome and safe.”
Healthcare systems have the highest costs of data breaches. The average data breach cost for healthcare sectors is $6.45 million, according to IBM Security’s 2020 data breach cost report.
Tesfai says, “According to Becker’s Hospital Review, data breaches cost the health care industry, approximately $5.6 billion every year. Now more than ever, it is vital that healthcare facilities invest in a security platform that evolves to fit today’s needs. Many aging cybersecurity systems urgently need to be upgraded, as cyber threats and attacks are constantly evolving.
As hospitals move to digital filing systems to track patient information and treatments, healthcare facilities need to develop effective strategies for protecting access to their data. By attaching access control readers to workstations, you can prevent unauthorized access to computers and sensitive information as nurses and doctors will be required to tap their badges at the readers to access patient files.”
With a decent number of healthcare members working from home due to the pandemic, a major surge in security incidents and cybercrime has been reported.
To protect data, experts suggest training healthcare staff on best practices, and responding to security needs across all applied policies, implementing multifactor authentication, among other security measures.
Confirming these measures Mahmoud Samy, Vice President & Managing Director – EMEA Emerging Markets & Eastern Europe at Forcepoint says, “Personal patient data including names, addresses, dates of birth, insurance details, medical history, test results, and treatment plans are all highly sensitive and highly valuable to cybercriminals.
Protecting a hospital needs a portfolio of next-generation technologies that utilize threat intelligence, machine learning, and next-generation firewall to provide security to the entire network. Data loss protection (DLP) solutions can prevent negligent, accidental, or intentional data leaks by hospital staff. Supplementing the solutions with training and educating those users who have access to sensitive data will help plug the data leaks.”
He appreciates the initiative of AAMEN! He says, “We applaud Abu Dhabi healthcare authorities’ efforts in protecting the hospitals from cyberattacks. ‘AAMEN’, the audit program which ensures high privacy standards to patient data is a step in the right direction.”
David Grout, CTO EMEA at FireEye talks about this program at length. “We welcome this new program. There have been several incidents in recent times where a cyber-attack has impacted a healthcare organization. Recently a patient in a German hospital died from what authorities believe was a cyber-attack and we’ve also seen several U.S. hospitals hit by ransomware attacks which have impacted the care they are providing. In addition to this, there have been espionage attacks that aim to steal Covid-19 vaccine data.
He adds, “The ‘AAMEN’ program focuses on the security of patient data which is another important area. This data can be very valuable to cyber attackers, so healthcare providers must have robust security measures in place to defend it. As part of an effective security strategy, healthcare organizations should consider technical solutions such as email security tools, having the necessary security expertise available, and having access to threat intelligence that offers them an understanding of the latest threats to watch out for.
Corona-19 pandemic has put the healthcare sector in the crosshairs. To minimize the threat of disruption by any cyberattack, healthcare companies should ensure their hardware and software are updated regularly; implement powerful safety measures like backing up all critical files, having multifactor authentication, and training their staff member including more. Hopefully, Aamen will consolidate the security system of the healthcare sector against cybercrime in Abu Dhabi.