– The ransomware surge during the last few months has already continued into 2021. And though the malware will remain a key trend into this year, healthcare industry stakeholders will need adopt a proactive security approach and secure key entry points, including phishing threats and vulnerable endpoints.
Xtelligent Healthcare Media Editors recently compiled predictions for the healthcare sector in the year ahead on a Healthcare Strategies podcast episode. In the healthcare security space, leaders can expect continued email-based attacks and other schemes that prey on COVID-19 fears.
As seen in the most recent ransomware wave, EHR downtime amid a national health crisis can put patient safety at risk. At least a dozen healthcare providers were driven to pen and paper due to ransomware, with some diverting ambulances because of computer outages.
Those attacks have already continued into this year, with one provider reporting outages due to ransomware during the first week of January.
In recent months and already this year, massive phishing campaigns and social engineering attacks are finding great success in manipulating employees into engaging with malicious emails.
Hackers are increasingly improving the appearance of these emails by masquerading as legitimate sources and brands. As such, strengthening employee security education and training around common and current threats should be a key focus for all healthcare entities.
Recent reports have demonstrated that healthcare is and will continue to be the leading target for hackers, as they continue to reap financial benefits from provider organizations and easily exploit COVID-19 news trends.
Particularly as the amount of data increases to better contain and understand the coronavirus, it will become paramount for these entities to ensure the supply chain is secure no matter where the information is stored within the enterprise infrastructure.
Further, industry leaders predict that the expanded telehealth use will continue throughout the year. Given the Department of Health and Human Services enforcement discretion that expanded the list of acceptable tech, providers should also continue to ensure these endpoints are secured.
With data exfiltration occurring in nearly half of all ransomware attacks, healthcare security leaders can no longer sustain a reactive cybersecurity approach if there’s hope of keeping pace with the current threat landscape.
Security leaders have stressed that it is the time for the sector to shift into a Zero Trust model, which is the only way for providers to ensure the security of the infrastructure. These tools include microsegmentation, access management, principles of least privilege, and the like.
While it may seem like a time-consuming or costly process, researchers have noted that most providers are already employing much of the needed tech and processes to make the shift into Zero Trust.