One thing that makes hospitals more vulnerable today than in the past is the extraordinary increase in connected medical devices (often known as IoMT or the “Internet of Medical Things”). Network-connected medical devices make healthcare more efficient and enable better patient care. They range from simple blood pressure devices and infusion pumps to more complex machines such as MRIs, CT scanners, and ultrasounds. The obvious problem is that these network connections also make these devices vulnerable to attack.

Telehealth was an unexpected technology bright spot in 2020, as the Office for Civil Rights (OCR) relaxed enforcement of certain aspects of HIPAA, helping to reduce COVID exposure via virtual rounding and virtual visits. The following three high-level recommendations provide a basis for defense in depth for healthcare organizations in 2021.

 

As we look ahead to 2021 and to defending against an ever-evolving variety of exploits and attacks, it’s important to consider the cybersecurity attack vectors that will be most prevalent in the upcoming year.

Fortified Health Security, Healthcare’s Cybersecurity Partner released the 2021 Horizon Report, which details findings that illustrate how, as healthcare organizations continue to respond to the pandemic, cybercriminals have continued to persist in their attacks on providers, health plans and business associates – compromising sensitive patient data while impacting the delivery of care to patients.

Though many healthcare organizations still consider it optional, two-factor authentication - also known as Multi-Factor Authentication (MFA) - is an indispensable part of a secure environment, and key to protecting your medical data.

CoxHealth’s Public Safety and Security team has added K-9 officers Hugo and Ackley, both registered German Shepherds, who will begin making patrols at Cox South and Cox North in the coming weeks.

Healthcare is a vitally important industry, especially today. Sadly, healthcare organizations are frequently the targets of cyberattacks. This is especially important today because many of these attacks impede the ability of the organizations to offer care to their patients. The most severe attacks can even cause life-threatening situations.

During a time where hospitals are already strapped for resources, Mercy Iowa City hospital reported that an internal email compromise and phishing email incident led to the exposure of personal information of some 60,473 individuals.

As increasingly sophisticated cyberattacks continue to target healthcare’s essential systems - including networks, IoT medical instruments, and mobile devices - the need for advanced security protections continues to grow. Healthcare leaders are beginning to embrace the truth: cybersecurity is now an indispensable part of patient care. Yet even as this move toward secure connected technologies expands, a favorite target of malicious actors continues to be the healthcare organization’s website - especially if the site is powered by WordPress.

During the week of October 25, 2020, the UVM Health Network experienced a confirmed cyberattack affecting some systems. Despite standby procedures in place to continue providing safe care, the attack caused variable impacts on services at affiliate organizations.