5 Cybersecurity Threats to Healthcare During the COVID-19 Pandemic

Digital processes and experiences persist in healthcare as the COVID-19 pandemic continues. For patients, this means paying more bills online and using virtual care options when they need medical attention for conditions that are not life-threatening. Healthcare providers are changing business operations to enable more digital interactions. This includes a shift to remote work to help maintain social distancing and other physical safeguards. This heavily digitized "new normal" also creates new exposure to cyberattacks.

Cybercrime Grows During the COVID-19 Pandemic
The rise in remote working arrangements and the digitization of business operations create an opening for hackers. Healthcare organizations are a prime target for cybercrime given the sensitive nature and depth of the medical data and payment information that live on their networks. IBM Security's 2020 Cost of a Data Breach Report noted that the average cost of a healthcare data breach is $7.13 million. Within weeks of COVID-19 being declared a pandemic, the U.S. Health and Human Services Department experienced a distributed denial-of-service (DDoS) attack. In April 2020, the World Health Organization reported a five-fold increase in cybersecurity attacks.

5 Types of Cybersecurity Attacks
More digital vulnerabilities make healthcare organizations even bigger targets for cybercrooks. Becoming familiar with the tactics of hackers and other cybercriminals can help you know what to look out for and better protect against costly data breaches.

You'll want to guard against social engineering, a method of intrusion via digital or in-person interaction designed to trick someone into breaking security protocol and sharing confidential information. Criminals use social engineering tactics to gain employee credentials, compromise authentication systems, take over social media accounts, and more.

Here are five examples of common types of cybersecurity attacks facing healthcare today.

Business Email Compromise (BEC)
BEC involves a scam to obtain confidential, personal, or financial information from business contacts through email. Tactics include the following:

Phishing
Phishing is the act of sending fraudulent communications that appear to be from reliable sources to trick victims into sharing information or downloading malware. This tactic often relies on emotions and plays to a sense of urgency or fear. Criminals use this approach to access systems and personal data or to enact financial fraud. Types of phishing include attacks that target individuals rather than groups (spear phishing) and attempts to coerce information through voice communications on the phone (voice phishing or vishing).

Ransomware
Criminals use ransomware to extort organizations by encrypting and holding their data hostage until a ransom is paid. Ransom costs vary based on the ransomware type and the criminals using it. The FBI's 2019 Internet Crime Report notes that the FBI received over 2,000 ransomware-identified complaints with adjusted losses of more than $8.9 million. Impacted organizations risk the permanent loss of data that can make it hard for the business to operate properly. In October 2020, the U.S. Cybersecurity and Infrastructure Security Agency issued a warning related to ransomware, stating that "There is an imminent and increased cybercrime threat to U.S. hospitals and healthcare providers."

Mobile Threats
Remote workers often rely on mobile devices for communication needs. This opens another channel for criminals to harm organizations. Malicious and spoofed company applications, the removal of operating system restrictions, and the use of public Wi-Fi can all increase exposure to attack.

Compromised Business Social Media Accounts
Social media is a popular channel for hackers looking to infiltrate organizations and personal data. They target the accounts of both the business and individual employees. The use of unauthorized and vulnerable third-party applications to access social media accounts, human error, and interaction with imposter accounts can all lead to serious security threats.

Tips to Help Prevent Cyber Attacks
It's important to use secure and compliant systems to protect against cyberattacks. Make sure everyone at the company understands their role, too.

Here are tips for how employees can help prevent cybercrime:



InstaMed, a J.P. Morgan company, powers a better healthcare payments experience on one platform that connects consumers, providers, and payers for every healthcare payment transaction. InstaMed's patented, private cloud-based technology securely transforms healthcare payments by driving electronic transactions, processing payments, moving healthcare data seamlessly, and improving consumer satisfaction. Consumers, providers, and payers benefit from InstaMed's exclusive focus on healthcare, integration into any healthcare IT system, robust analytics, and proven scale.