The COVID-19 pandemic has threatened the healthcare industry and revealed several of its underlying vulnerabilities in multiple ways.
Cyber-attacks are landing in the middle of an overwhelming healthcare emergency induced by the pandemic. Hackers have increasingly targeted healthcare institutions in recent years, and the gravity of the present situation has created havoc.
The Department of Health and Human Services, the World Health Organization, and one of the largest COVID testing facilities in the Czech Republic have recently been victims of cyber-attacks. Ever ruthless, cyber hackers view the current time as a golden opportunity to target valuable and vulnerable healthcare organizations.
This should alarm people handling healthcare cyber security: while there’s never a good time for a cyber-attack, there’s never been a worse time than the current COVID crisis. With hospitals and clinics facing an all-hands-on-deck scenario and resources stretched incredibly thin, adding IT issues to the mix could make it even more challenging, or even impossible, to deliver care. For providers, patients, and administrators alike, cyber threats put the whole healthcare system in jeopardy.
Acknowledging the risk potential remains the top priority, while breaking down the most probable attack vectors is the second. According to the latest research, about a quarter of consumers feel that their healthcare providers lack adequate security standards against phishing schemes and web browser attacks. Unfortunately, they’re correct – and hackers know it too.
Like all other industries, healthcare must guard itself against a broad range of cyber threats. Still, with limited resources to go around (in good and bad times), it needs to focus predominantly on the most common and consequential risks.
Browser-based attacks impact healthcare significantly because the industry continues to rely on Internet Explorer as its default browser. But even Microsoft refers to IE as a “compatibility solution” rather than a browser, largely because it doesn’t support the latest web standards for security. By choosing to rely on something woefully inadequate, healthcare institutions make robust browser security unattainable and expose themselves to severe cyber threats like Adobe Flash exploits and drive-by downloads.
Phishing attacks are frequent and frustrating. In the last year, phishing attacks constituted around 30% of the cyber-attacks directed at the healthcare industry. Now, Google reports seeing 18 million extra phishing/malware emails daily attempting to exploit COVID-19 in some way. Phishing schemes use confusion, fear, and panic to trick recipients (especially tech-savvy ones), so they’re an especially potent strategy amid the pandemic.
Phishing and browser-based attacks can both unleash the worst attacks in a cyber-hacker’s arsenal: downloaders, Trojans, ransomware, and much more. And when successful, such attacks can lead to acute data loss or critical applications going offline at times when healthcare absolutely requires effective IT. Cyber security may not feel like the most immediate or urgent healthcare threat right now. But it’s the one that no one can ignore.
Moving target defense is the key to safety in times of uncertainty. Healthcare firms need effective defenses against various browser-based attacks and phishing schemes. But such cyber defenses must be automated, easy to implement, and largely hands-free to match the needs of under-resourced and overworked healthcare IT departments, which are operating with the same urgency and sense of purpose as their colleagues on the front lines of this pandemic.
Moving target defense meets all of those criteria. It morphs the app memory so that when hackers think they’re tapping into crucial data or controls, their attack actually gets neutralized. It works as a second or last line of defense behind traditional spam email filters and antivirus monitors. Should one of those defenses fail – which becomes vastly more likely when, like now, hackers multiply the sophistication and frequency of attacks on human targets who are too distracted to be alert – moving target defense essentially shuts down the attack surface before the attack creates any negative consequences.
Paired with traditional antivirus software that protects against file-based malware, moving target defense brings down the likelihood of a successful attack. And, critically, it does so without needing extensive or ongoing input from IT departments, freeing them up to focus on the pandemic response.
Though COVID-19 feels unprecedented in multiple ways, cyber security was an issue in healthcare before the pandemic, and it will remain so afterward as well. Ransomware attacks on healthcare companies and hospitals rose by 60% between 2018 and 2019 – totals likely to be eclipsed towards the end of 2020. Moving target defense might not bring down the number of attacks, unfortunately, but it can definitely make those attacks irrelevant. Implementing such technology now allows organizations to persevere during the pandemic and come out even stronger on the other side.