Increasing risk of cyberthreats looms as the world comes to a standstill from the novel coronavirus (COVID-19) pandemic. At the same time, the global healthcare system struggles to address the growing number of people testing positive for the virus.
There is a global surveillance tool from the World Health Organization (WHO) to record acts, threats of violence, or obstruction that interfere with the availability or delivery of curative and preventive healthcare services. Especially those in conflict- or crisis-affected countries.
However, as we become an increasingly connected healthcare ecosystem, more vulnerabilities present themselves. There is a new wave of cyberattacks, particularly in healthcare, and it is imminent to “Safeguard against COVID-19 Personification,” as we take a look at securing critical healthcare services at risk.
SECURING MEDICAL FACILITIES
Medical healthcare facilities are typically large, soft targets particularly vulnerable to cyberattacks. Recent reports show cyberattacks targeting hospitals, clinics, pharmacies, and distributors of medical equipment have soared worldwide, as the COVID-19 pandemic continues. As recently as the 14th of March 2020, Brno University Hospital in the Czech Republic was hit by a major cyberattack, causing an immediate computer shutdown. Being the second-largest hospital in the country, it hosts one of the 18 laboratories used for the COVID-19 tests. Based on news reports, the National Cyber and Information Security Agency (NÚKIB) is working to identify the root of the problem and remedy the situation.
Security Information Event Management (SIEM) systems and other Security Monitoring (SOC) services are one of the many tools used by healthcare providers to protect critical infrastructure, devices, and data. In this mix, a ‘trusted’ security telemetry agent and associated services, when employed, can enable essential logging of security events, and attackers cannot compromise the data. Mobile devices that host medical applications are an easy target for malware and any other opportunistic cyberattacks with a COVID-19 personification. A secured telemetry agent should produce reliable and robust critical events of security in near real-time, without any complicated forensics and additional processing required.
Figure 1: As the COVID-19 cases climb, the importance of quick diagnostics and remote care will become even more important. Mobile devices providing data-driven insights that can improve the accuracy of diagnostics and treatments. And the impact on mobile devices is even greater when combined with cloud-based services. Source: 2020 Mobile Security Index: Healthcare Edition
SECURING MEDICAL EQUIPMENT
In today’s healthcare ecosystem, connected medical technologies seamlessly bring patient and equipment data together from a wide range of therapy and monitoring devices, clinical information systems, and other sources. A large variety of medical equipment, currently in use at hospitals worldwide, may not comply with cybersecurity best practices and the latest US FDA guidance on the management of cybersecurity in medical devices. The cybersecurity safety communications and the frequency have shot up tremendously more vulnerabilities – 17 reported formally reported to ICS-CERT, 9 with a CVSS > 8 in 2018 alone.
With multiple systems and devices, there are numerous opportunities for cyberattacks from web servers to database servers, application software to direct access attacks. Unfortunately, today, there is also a shortage of medical equipment, especially ventilators, needed to treat critically ill COVID-19 patients. As medical equipment manufacturers ramp up production to better prepare to meet future healthcare delivery needs, they should ensure that they are employing a defense-in-depth approach to design. Thereby deploying trustworthy devices that confidently maintain their core functionality while successfully adhering to the necessary regulations to combat any cyberattack.
The world is moving towards digital technology, and healthcare entities have to look at COVID-19 as an opportunity to ramp up and catch up with the rest of the world. However, digitalization is not only about tools, but it is also about putting the right processes in place. One of those is Security. Physical yes, but what is going to be most important in the future is digital security, and finding the right software security products and services and partners is imperative.