Pandemic telehealth explosion whips up healthcare cybercrime
IT
A new report from top US information protection outfit CI Security reveals a 36% increase in IT breaches in the second half of 2020, attributing the rise in cybercrime to lack of vigilance during a sudden massive demand for telehealth under Covid conditions.
And 75% of the breaches were linked to business associates of providers or third parties, the CI Security report showed, with the number of breaches of patient records increasing more than 180% in the back half of 2020 against the first half. The vulnerability of healthcare entities was rapidly uncovered by a number of pandemic-related factors, including employee turnover, telemedicine scale-ups, testing and vaccine rollout technology, fast-tracked vendors, and more generalised attacks.
Hearing-health firms and audiology practices are among the many health organisations that should attend CI Security’s call for vigilance, particularly in regard to the security risks of working with business associates, looking carefully at telehealth services, securing work-at-home environments, and deploying identity and access management software.
The cost of major cybercrime incidents is well known to the audiology market, hearing giant Demant suffering a major breach in September 2019 that cost the group DKK 575m (approx $94m) in revenue loss and many months to restore operational fluidity worldwide.
Necessities driven by Covid have created and exposed many weaknesses in how medical-related businesses handle and safeguard their records. "Healthcare providers were so consumed by the sudden onset of the pandemic, and so busy asking for exceptions to their standard security plans in order to respond to rapidly changing COVID-related conditions, they didn't report breaches in a timely manner; or that they were breached, but didn't know it yet," reads the CI Security report.
Indeed, some highly effective computer viruses such as the Ryuk ransomware used to attack more than 250 Universal Health Services in the USA in September 2020 is often programmed to hibernate for months at a time, leading some entitities into a false sense of security.
Source: MedTech Dive