Home » Readers Write » Currently Reading:

Readers Write: Five Strategies to Ensure Cybersecurity During COVID-19 And Beyond

August 3, 2020 Readers Write No Comments

Five Strategies to Ensure Cybersecurity During COVID-19 And Beyond
By Patrick Yee

Patrick Yee is chief technology officer of Ensocare of Omaha, NE.

image.

To quote New Zealand-born novelist and playwright Anthony McCarten, “We’re living in extraordinary times.” To which I’ll personally add, “that call for extraordinary security measures.”

In March, the Office for Civil Rights (OCR) at the US Department of Health and Human Services (HHS) issued COVID-19 HIPAA waivers to promote data sharing and telehealth, relaxing laws over the good faith use and disclosures of protected health information (PHI). The resulting explosion of COVID-19 demonstrates that providers need fast access to tools that identify, collect, track, and exchange data on the flux of infected patients.

Protecting the privacy and security of patient data is the health IT industry’s fundamental civic duty during a nationwide public health crisis. While a hospital’s core competency has never been and will never be information technology (IT), taking care of patients is.

As providers rightfully focus on saving lives, their IT teams have undergone a massive shift to working from home while tackling first-time coronavirus related challenges and juggling data security maintenance. Compounding the situation are short-staffed medical facilities where IT resources are needed the most.

Here are five strategies to help you protect and secure your organization’s patient data and network from cyber attacks.

Make sure your escalation procedures are sound.

A healthcare worker who spots a questionable issue must be free to report their concern so it can be addressed swiftly. Most every IT department has in place a reporting process, either a formal ticketing system or an on-call employee who accepts phone calls. Once the IT staffer quickly escalates the issue to the appropriate leader or medical professional, the healthcare worker can resume their day job. Whether the issues involve coronavirus or basic security breaches, e.g., an email phishing attack from an unfamiliar source, all team members, even those on the clinical side, should be empowered to bring up potential dangers to the appropriate parties.

Instruct your IT team to be extra diligent investigating unknown emails, links, and websites.

Cyberattacks targeting hospitals, practices, and healthcare organizations are on the rise dramatically, which can be at least partially be attributed to the exploitation of the coronavirus.

Unfortunately, remote workers are also being singled out. A recent McAfee report uncovered a correlation between the increased use of cloud services and collaboration tools during the COVID-19 pandemic, along with an increase in cyberattacks targeting the cloud. External attacks on cloud accounts grew 630% from January to April. Cisco WebEx, Zoom, Microsoft Teams, and Slack saw an increase of up to 600% in usage over the same period.

Healthcare staff members working remotely are more vulnerable and understandably distracted supporting COVID-19 patient care, which could make them easy prey for cybercriminals. The pandemic represents a huge opportunity for bad actors to compromise your systems with things like phishing emails that include faulty links and websites, ransomware attacks, and intrusions on sensitive data. Regularly remind your remote workforce to report suspicious activities by following your organization’s security protocols.

Review your intrusion detection strategy (IDS) or continue to monitor if you already have one.

An IDS is a network security technology that was originally built for detecting vulnerability exploits against a target application or computer. Intrusion prevention systems (IPS) add the ability to block threats in addition to detecting them, and have become the dominant deployment option for IDS technologies. More broadly, think of intrusion protection as personal computer security, but in a format that can look between different servers and flag suspicious activity. You should be reviewing and updating your technology and strategy regularly to ensure that you’ve kept up with all applicable best practices.

Ensure that your remote employees have corporate VPN and two-factor authentication services.

This telework protocol should already be part of your business continuity plan. It should be reviewed and updated periodically to ensure traffic is handled securely.

Home internet networks simply are not as secure as your office network. VPN and two-factor authentication services are recommended for remote connection to support the goal of making remote work as seamless as possible. Be aware that, short of completing mission-critical projects, at-home internet outages will not necessarily cause a security issue. A larger issue is whether the remote worker has the right modem installed to handle many different in-home users.

Encourage employees to use corporate laptops with encrypted hard drives that are not shared with family members.

Keep doing all of the good things you were doing before the pandemic.

Everything in your systems security plan is still valid with some possible changes for critical business continuity that should be maintained and exercised. HIPAA compliance might be relaxed, but security protocols remain doubly important in our current health crisis.



HIStalk Featured Sponsors

     







Founding Sponsors


 

Platinum Sponsors


 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Gold Sponsors


 

 

 

 

 

 

 

 

 

 

 

   

Reader Comments

  • Jim Beall: Whoops; sorry. Phase III trial......
  • Jim Beall: Re: the Janssen coronavirus vaccine phase IV trial. I don't know if this vaccine is the same one reported here (https:...
  • Robert D. Lafsky M.D.: "One of the most effective, scalable, and sustainable strategies is providing context-specific information to healthcare...
  • John: Note that MSFT announced Cloud for Healthcare in early summer allowing users to use it under beta. At that time there wa...
  • TH: If a person was assigned female at birth, transitioned to male in their 20s, and has since been on hormone therapy for 2...

Sponsor Quick Links