Security News

LexisNexis Risk Solutions announced the results of its annual focus group, comprised of over 20 healthcare IT executives that are members of the College of Healthcare Information Management Executives. While the focus group came together before the COVID-19 pandemic struck, the technology priorities for 2020 - from data sharing and security to using data analytics to help vulnerable populations - have become more urgent in light of the pandemic challenges.

Despite the well-documented increase in attacks against the healthcare industry during the COVID-19 pandemic, the industry is largely coping well against the cyber criminals. "Data smuggling behaviors," notes Vectra in its 2020 Spotlight Report on Healthcare, "Can occur when patient medical records are transferred to cloud storage offerings like Microsoft OneDrive, which is a common requirement for collaborating healthcare professionals."

More than 40 current and former leaders from around the world have signed a letter asking governments to prevent and stop cyberattacks on healthcare systems amid the COVID-19 pandemic. The letter addressed to governments is also signed by the leaders of major tech and cybersecurity companies, university professors, religious figures, NGOs and non-profit organizations, research organizations, healthcare organizations, former state presidents and ministers, and other officials.

Healthcare organizations can also be lucrative targets as criminals are aware of the value of patient information and medical data on the dark web. A report published Thursday by global threat intelligence firm IntSights explains why healthcare organizations are vulnerable to attack and how they can better defend themselves.

UPDATE. Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. "Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that prior to the launch of the ransomware, the unauthorized actor exfiltrated a subset of data from a single Magellan corporate server, which included some of your personal information."

In early March, as COVID-19 impacted areas of the U.S., new healthcare data rules were issued by the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology and Centers for Medicare & Medicaid Services to "Give patients unprecedented safe, secure access to their health data" so that they can better manage their care. Under the purview of HIPAA and new breeds of state privacy laws and regulations, these apps will need to be built with security and privacy in mind, governed with the right controls, and provide appropriate patient verification and authentication.

Nigerian cybercriminals specialized in business email compromise attacks were observed leveraging COVID-19 lures in recent attacks on healthcare and government organizations, Palo Alto Networks reveals. The campaigns stand out because they also attempted to compromise organizations critical to COVID-19 response efforts, including "Government healthcare agencies, local and regional governments, large universities with medical programs/centers, regional utilities, medical publishing firms, and insurance companies across the United States, Australia, Canada, Italy, and the United Kingdom."

Malicious campaigns are using password spraying as a type of brute-force attack to find weak passwords at healthcare and medical facilities. Specific attacks against healthcare providers detected by security agencies in the UK and US are using password spraying to compromise accounts with weak passwords.

What is happening during this crisis will not just change the landscape in healthcare today-it will change the way that we deliver and experience healthcare forever. So it's imperative that the technology industry come together to help healthcare meet this challenge, both to support the healthcare system when it's needed most, as well as to ensure that new digital infrastructure is implemented the best possible way.

While CIOs and CISOs have a significant role in ensuring front line healthcare workers have the tools and technologies they need to treat patients, healthcare organizations must also prioritize protecting medical devices and critical infrastructure during this crisis. As healthcare organizations look to ramp up their operations to prepare for treating the victims of this disease, many are bringing on new equipment and devices to help.