The primary focus of healthcare cybersecurity has generally revolved around protecting the confidentiality, integrity, and availability of information. However, the focus now for many healthcare organizations is on the availability of information in light of the COVID-19 pandemic.
But how much availability is too much availability? If a healthcare organization is lax about its cybersecurity protections, it doesn’t really matter how available systems, networks, and information are, as threat actors are always looking for ways to infiltrate healthcare organizations. Lax health cybersecurity makes organizations fruitful. This, in turn, translates into less assurance that information remains confidential and has integrity. In other words, there is relatively little assurance that the information has not been tampered with. Threat actors are well aware that many health organizations have lowered their shields.
Reduce risk with proper planning
Relatively few healthcare organizations have robust incident response, business continuity, and disaster recovery plans. A robust and lax incident response program means that healthcare cybersecurity incidents are not blocked or addressed as soon as possible. This can have adverse impacts on information, systems and networks as a result of significant security incidents that may occur.
Threat actors can steal financial information, patient information, and intellectual property. The latter is of particular concern for healthcare organizations that are treating COVID-19 patients and / or developing vaccines to help fight the virus, as progress may be hampered or stalled as a result.
The most important element of a health cybersecurity incident response plan is the human element. Effective, clear and timely communications are essential elements to ensure that incident response is prompt and appropriate. Ensure that all employees have resources to educate them on policies, procedures, and who to turn to for what is critical in planning your incident response strategy.
Attacks on the remote access server have been on the rise with more people working from home. These servers can be compromised and can be used as a means of turning to other parts of the network (and the machines and devices that are connected). With this, healthcare cybersecurity requires organizations to analyze the resources (and assets) used by members of the workforce who work from home. Additionally, identity governance, identity management, and lifecycle management also need to be carefully provisioned to ensure proper access is granted and revoked in a timely manner.
Without a doubt, the COVID-19 pandemic has changed the face of healthcare. Hospitals and other healthcare providers may no longer have physical borders, and virtual borders will continue to blur as well. There will be lessons learned from the COVID-19 pandemic that must be examined, understood and carried forward.
Whether we face another pandemic or another public health crisis in the future, these valuable and historic times will only serve to better inform us and point the way to even stronger solutions and innovation. Now is the time to harness technology and strengthen our capabilities, before it’s too late.
To read more:https://www.himss.org/resources/healthcare-cybersecurity-during-covid-19-and-how-pivot
