BBQ Gourmet

Healthcare cybersecurity: How to address telehealth’s cybersecurity risks during this pandemic

The healthcare industry has taken centre-stage in the global arena owing to the unprecedented outbreak of the novel coronavirus. In this past year, hospitals and clinics around the world have had to grapple with unforeseen challenges.

Beyond increasing patient numbers, the rising death toll, and burnout and emotional exhaustion among medical teams, another insidious challenge has been unfolding none-too-subtly: healthcare cybersecurity breaches.

A report from the early part of 2020 on the latest trends in the healthcare security niche revealed that some of the biggest challenges for hospitals were:

  • Hacking
  • Phishing
  • Sinkholes
  • Ransomware
  • Malware
  • Command and control obfuscators
  • Lateral movement frameworks
  • Wormholes
  • DDoS and DoS

This spate of issues has forced healthcare facilities to spread their resources even thinner to keep confidential data from falling through the cracks. Even in a less-than-perfect world, this shouldn’t be the case. Hospitals and clinics need to be prepared to protect and defend their data, regardless of the circumstances.

To address these gaps, hospitals and clinics need to take a more proactive approach. Here’s a quick look at what these facilities can do to stay on top of information and cloud security during the pandemic and after it.

Applying stricter controls to telehealth platforms

Given the need for social distancing during this unprecedented pandemic, telehealth solutions became a popular way for patients to receive the care they needed.

This increased reliance and engagement, however, have also become a sort of homing beacon for cybercriminals. This is not surprising when you consider the data that sits on these platforms. Everything from payment information to personal data is fair game.

To get a better hold of healthcare cybersecurity, hospitals and clinics will need to employ various mechanisms like MFA, end-to-end encryption and cryptography, and identity proofing. The net effect of these will give security teams greater control over the activity that unfolds on these platforms.

Conducting frequent audits within these systems will also be useful to get an idea about vulnerabilities and safeguards.

Security awareness training at every level of healthcare facilities

Another best practice for boosting healthcare cybersecurity is security awareness training. The challenge is usually that medical teams aren’t aware of best practices and don’t have the time to understand these or put them to practice.

These programmes generally cover best practices when it comes to basic cyber hygiene, password protection, phishing/spear-phishing, and anti-virus and malware support.

With targeted awareness programmes, personnel can identify what they need to do and can take greater responsibility for their security practices. It makes it easier for them to commit to policies that boost medical cybersecurity.

These training programmes also ensure that there is a base level of awareness across the organisation, supporting the creation of a cyber-aware culture.

Managing IoT risks through integrated security strategies

IoT devices are commonplace in healthcare facilities, especially those that are setting up temporary clinics to support more patients during the pandemic. Given the information that passes through these devices, they are a major temptation for cybercriminals.

Before introducing these devices to healthcare ecosystems, medical security teams need to come up with a plan that plots out IoT vulnerabilities and risks. A good point to start is understanding which devices are connected to healthcare networks. These can then be segmented to account for each clinic’s IoT devices.

Beyond a robust IoT strategy, security teams also need to commit to round-the-clock monitoring and remediation to ensure that suspicious activity is flagged and addressed. Here, professional SOC services can prove to be a major resource-saver — especially at overworked facilities.

Take control of healthcare cybersecurity in 2021 with expert-led support

As healthcare professionals start navigating the complexities of vaccination drives and the post-COVID-19 world, they can’t afford to miss out on the security threats lurking in the background.

By identifying contemporary threats and trends, creating the right strategies can do a world of good. Concurrently, security teams need to make sure they have the right resources to make security a more central part of their organisations.

This is where the support of a cybersecurity company can prove invaluable. At Triskele Labs, we work with companies across Australia to power healthcare cybersecurity.