If there is one thing we can all agree on, it is that we are living in unprecedented times when it comes to health and security. In fact, I think we can also agree we have all had a chance to get to know our neighbors, friends, and family perhaps a little bit better—for good or worse. And as a matter of fact, so have the bad guys.
For this column today I’d like to tackle a few specific issues everyone is addressing right now in a very big way: health and security. More specifically, let’s address the following questions:
Do desperate times call for less-than-perfectly secure measures?
Is the industry ready security-wise for the sharp increase in telehealth use due to COVID-19?
How will this pandemic alter the course of the health security space?
My first response to all of these questions is that the world is in uncharted territory here because cybercriminals are taking huge advantage of the pandemic. With increased social distancing, more and more people are leveraging connected medical devices, and as a result the bad guys are stealing huge amounts of medical data.
Cybercriminals are always looking to find any opportunity to snatch sensitive and valuable information in whatever form they can. And it’s no surprise that healthcare data is just about as sensitive as it gets and lately is ripe for the taking.
According to Infosec, some of the top concerns in the healthcare industry include budgetary constraints, which prevent healthcare entities from spending what they need to spend on security technology and staff. Human error is another top concern, as are unintentional insider threats—and intentional insider threats, for that matter.
Verizon’s 2019 Data Breach Investigations Report suggests a majority of breaches in 2019 were associated with internal actors. The top three patterns were miscellaneous errors, privilege misuse, and web applications, and those made up 81% of healthcare incidents in 2019. Almost 60% of threat actors in healthcare last year were internal.
Interestingly, as I see it, the Coronavirus pandemic has changed things up. For example, cybercriminals are always looking for ways to spam and trick people into opening attachments, clicking on links, and so much more. But this pandemic has brought new scams out in droves.
For instance, between January 1 and April 15 alone, the FTC (Federal Trade Commission) reported it had received 18,235 reports related to COVID-19. Among those reports, people reported losing $13.44 million to fraud alone. Only some of this fraud was specific to healthcare, of course. This reinforces the point that cybercriminals are attacking from every angle.
We have all heard and even seen websites falsely promising masks and cleaning products (that will never arrive) in order to gain people’s money and personal information.
One unique circumstance that’s adding to the concern over healthcare security right now is the use of temporary hospitals. In some places, hospitals are overrun with COVID patients, and, in response, temporary medical-treatment units are being erected wherever they’re needed.
But these remote units don’t typically benefit from the same security infrastructure that, say, the hospital next door does. The top concern in creating these units is, naturally, putting patients in beds and providing access to healthcare providers and equipment.
By default, then, security is not the top priority. Reality is, it just can’t be. There’s simply not enough time. The cost of waiting is too high and time is critical here.
So what’s the solution here? Is there a solution? It’s all about saving lives and less a matter of focusing on what the bad guys might potentially do.
One of the questions I rhetorically asked at the top of this blog was whether desperate times call for less-than-perfectly secure measures. Unfortunately, we are seeing the answer is yes, because this situation is evolving too quickly for any other answer.
Rest assured, many months ago I would have demanded a different answer. But with the times the way they are, sadly, we all have to compromise, but what will be the long-term impact? We have to focus on the people today, because if we don’t, they might not be here tomorrow to enjoy the life the rest of the healthy people are enjoying.
Another question I asked earlier is whether the healthcare industry is ready for the sharp increase in telehealth use due to COVID-19. I think everyone realized pretty quickly that it wasn’t ready to handle the massive surge.
I agree with the group of bipartisan senators that penned a letter to CISA (the Cybersecurity and Infrastructure Security Agency) and the commander of U.S. Cyber Command raising the concerns the healthcare sector is facing, and noting that we need to act and provide resources to protect and defend critical infrastructure. If we don’t protect our data, they emphasized, just imagine for a moment the havoc the bad guys will create with all of our personal data. And more importantly, we all know, and can’t ignore, the insidious nature of pandemics, no matter what form they take. We need to protect the health security space.