Why a data security sting lurks in COVID-19’s long tail
Alongside the physical threats that COVID-19 has imposed on healthcare, it has also brought an even less visible threat, as healthcare institutions have (1) ramped up telehealth integration and (2) had to divert resources away from cybersecurity defenses in order to cope with the more immediate threat of the virus. Organized cyber-crime has seen an opportunity open up as a result of these more extensive vulnerabilities, and the attacks witnessed have ranged from ransomware to rival-state infiltration of coronavirus research labs.
The cyber-attack threat rose in parallel with the pandemic: the World Health Organization saw its systems attacked at a rate 5 times higher than before the pandemic onset. In addition, the media revealed several high-profile attacks: (1) a ransomware attack on Brno University Hospital in the Czech Republic, (2) a similar attack on the Hammersmith Medicines Research Center, and (3) a DDoS assault on the United States’ HHS Department. The pandemic aggravates the scale of such attacks through the potential damage of delayed test results and through the vulnerability created by such a large increase in the volume of patient data living on the servers.
The tradeoff being challenged is security vs. accessibility. More staff and patients are interacting with online services, which allow for more efficient and improved healthcare, but good security practices are not always scaled accordingly.
It takes only a single individual to bring down data security, and in the distracted hospital environment, with individuals who have only recently been informed about best practices, it is very difficult to secure these single points of failure or discover them before they can cause maximum damage.
Suddenly, we also have many more internet-connected devices accessing or uploading private healthcare data, and this data is worth 10-40 times more than credit card information. This increase in value, coupled with distracted, overworked, and stressed staff, puts hackers in a good position to demand larger-than-ever ransoms for stolen data, especially when the data these hospitals are transferring is more private than ever (for example, location data from contact tracing).