Security News

As Americans weigh their comfort level on what medical services require in-person visits with a physician or healthcare provider, telehealth options have skyrocketed as a popular alternative, providing convenience and access at a time when many are canceling appointments out of an abundance of caution. Millennials are statistically more likely than any other generation to continue using telehealth options after the pandemic has passed, followed by Gen X. In a hypothetical situation where they needed medical care, 25 percent of Americans would not consider using a telehealth solution for any of the appointments or procedures types presented - this number is significantly higher among Baby Boomers and the Silent Generation.

While there has been an uptick of attacks on healthcare organizations due to coronavirus, a 2019 Healthcare Data Breach Report found more healthcare records were breached in 2019 than in the six years from 2009 to 2014, indicating that the rise of threats to healthcare records has been an ongoing trend. Healthcare organizations need to understand the interconnected relationship between cybersecurity and patient care.

Despite the COVID-19 outbreak starting in the first half of 2020, data analyzed from the Health and Human Services Office for Civil Rights Breach Portal shows that the number of patient data records breached dramatically declined during the early stages of the pandemic. CI Security analysts assessment indicates that the number of breach reports in the first half of 2020 is down 10.4 percent compared to the second half of 2019, and the number of breached records is down nearly 83 percent, based on information that healthcare organizations are required to submit to HHS within 60 days of the discovery of any breach affecting more than 500 individual records.

This increased strain has increased the need for DevOps and database DevOps processes, with 41% of respondents in the healthcare sector saying they have adopted DevOps across some projects to free up developer time and increase the speed of delivery. "We know that the healthcare sector is facing unprecedented demands from the pandemic and other regulatory struggles, and DevOps is the best way to tackle these issues," said Kendra Little, DevOps Advocate, Redgate.

LexisNexis Risk Solutions announced the results of its annual focus group, comprised of over 20 healthcare IT executives that are members of the College of Healthcare Information Management Executives. While the focus group came together before the COVID-19 pandemic struck, the technology priorities for 2020 - from data sharing and security to using data analytics to help vulnerable populations - have become more urgent in light of the pandemic challenges.

Despite the well-documented increase in attacks against the healthcare industry during the COVID-19 pandemic, the industry is largely coping well against the cyber criminals. "Data smuggling behaviors," notes Vectra in its 2020 Spotlight Report on Healthcare, "Can occur when patient medical records are transferred to cloud storage offerings like Microsoft OneDrive, which is a common requirement for collaborating healthcare professionals."

More than 40 current and former leaders from around the world have signed a letter asking governments to prevent and stop cyberattacks on healthcare systems amid the COVID-19 pandemic. The letter addressed to governments is also signed by the leaders of major tech and cybersecurity companies, university professors, religious figures, NGOs and non-profit organizations, research organizations, healthcare organizations, former state presidents and ministers, and other officials.

Healthcare organizations can also be lucrative targets as criminals are aware of the value of patient information and medical data on the dark web. A report published Thursday by global threat intelligence firm IntSights explains why healthcare organizations are vulnerable to attack and how they can better defend themselves.

UPDATE. Magellan Health, the Fortune 500 insurance company, has reported a ransomware attack and a data breach. "Once the incident was discovered, Magellan immediately retained a leading cybersecurity forensics firm, Mandiant, to help conduct a thorough investigation of the incident. The investigation revealed that prior to the launch of the ransomware, the unauthorized actor exfiltrated a subset of data from a single Magellan corporate server, which included some of your personal information."

In early March, as COVID-19 impacted areas of the U.S., new healthcare data rules were issued by the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology and Centers for Medicare & Medicaid Services to "Give patients unprecedented safe, secure access to their health data" so that they can better manage their care. Under the purview of HIPAA and new breeds of state privacy laws and regulations, these apps will need to be built with security and privacy in mind, governed with the right controls, and provide appropriate patient verification and authentication.