The disruption of the COVID-19 pandemic has increased network vulnerabilities and propelled the growth of cyberattacks across the health care industry.
Only a few days ago on October 28, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation and the U.S. Department of Health and Human Services issued a joint statement noting they have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” as these health care organizations continue to face lasting challenges caused by the pandemic.
At Cerner Health Conference 2020, Don Kleoppel, Cerner’s chief security officer, talked with Russ Branzell, president and CEO of the College of Healthcare Information Management Executives (CHIME), about the significance of health care cybersecurity. The two spoke about a range of topics from telehealth to the importance of educating employees about digital threats.
Here are some highlights from their discussion.
Don: Google has seen a 350% surge in phishing websites during the pandemic. What recommendations do you have to help organizations address the uptick in phishing campaigns and to improve cyber awareness among their associates?
Russ: I'm surprised it's only 350%. We’re definitely seeing a significant increase in cybercrimes. Personally, in just one month, my email was spoofed three times.
Organizations have to go back to the basics with security education to remind associates that cyberattacks don’t stop just because you’re working from home. In fact, they’re worse because there are more security challenges with a remote workforce. Security leaders need to make sure they provide constant reminders to keep people on guard and aware of the risks.
Employers might also have to turn the dials up on security settings whether that be email, internet filtering or other tactics.
Don: Telehealth is a fast-growing segment. Is this technology leading or lagging behind in cybersecurity protocols?
Russ: At the beginning of the pandemic, health systems were rushing to stand up or expand telehealth platforms so they could continue to deliver care while minimizing the spread of COVID-19. Everything moved very quickly, and the temporary exceptions that were allowed from the federal government created an environment where we were probably less secure than we should have been.
Moving forward, the security and privacy requirements for telehealth are likely to increase. Most of our CHIME members are already talking about strengthening their telehealth security posture.
Don: How has COVID-19 impacted the use of cloud services?
Russ: The crisis – and the business challenges it’s caused – has shown us that there's a strategic advantage to leveraging cloud technology for security redundancy and interconnection. With the growth of distributed workforces, I believe the movement to the cloud will only ramp up from this point forward.
Don: What advice can you offer health care leaders to help them better secure their patient data and maintain privacy laws?
Russ: We’re at a point now that we all have to operate as digital health organizations. Cybersecurity is the responsibility of everyone, not just the technical leaders. Yes, they have to make the rubber hit the road and do the hard work to actually protect the world. But from a governance perspective, we must realize that cybersecurity has to be elevated and prioritized.
No matter how much money we spend, there will always be some degree of cyber risk, but we must do the best we can with the resources we have on a risk-based model. We have to follow best practices, such as the National Institute of Standards and Technology Cybersecurity Framework and acknowledge that security is an ongoing effort.
There are many health care organizations that don’t yet have a comprehensive program in place due to lack of resources ─ be it staff, finances, time or all the above. Their risk may be greater because they just don't have what they need to build an adequate cybersecurity platform.
Everyone should keep in mind that we’re all in this together when it comes to cybersecurity. It’s not a competition. There are professionals, like Cerner and CHIME, that are ready and willing to help at any time. You aren’t on your own in this fight for security.
Register at CernerHealthConference.com or log back into the conference platform to view the entire cybersecurity chat and other on-demand sessions through Dec. 14.
More like this:
- Combatting ransomware attacks on health care providers – 3-minute read
- Protect your medical devices from cyber threats – 3-minute read