Data security is always a challenge that businesses must rise to meet, but the COVID-19 pandemic has complicated things significantly by creating situations that make ensuring this security even more difficult. Let’s go over the impacts that many organizations—especially those in the healthcare industry—have had to deal with due, in part, to the coronavirus.
COVID-19 and Cybercrime
Here’s the hard truth: cybercriminals are nothing if not opportunistic. Therefore, it only makes sense that they would take advantage of any situation… even one that has caused as much pain, loss, and conflict as the COVID-19 pandemic has.
It also hasn’t helped matters that many more people are working remotely than ever have before. As people have tried to stifle the spread of the virus, social distancing has become a common precaution, so those who can still perform their job without spending time in the workplace have done so at a much higher rate. While this may be an effective way to limit coronavirus infections, it can have the unintended consequence of promoting malware infections and other cyberthreats.
For instance, many organizations have seen notable increases in the following threats:
As more people than ever have been working from home, the likelihood of mistakes has increased considerably. People are less focused with their families at home, in addition to the many distractions that just aren’t present in the office. As a result, they are more prone to errors, which can commonly lead to security incidents.
Take, for instance, Public Health Wales, one of the 11 member organizations that make up the Welsh branch of the National Health Service. On August 20, somebody in the organization mistakenly uploaded the personal information of 18,105 COVID-positive Welsh residents, where it remained for about 20 hours and was viewed 56 times.
Phishing and Ransomware
Again, while working from home, many people are relying on communication tools, particularly email. Historically, cybercriminals—specifically, phishers—have used email to their advantage as a threat vector to leverage phishing attacks and distribute various forms of malware. Phishing has commonly been used as a means of spreading ransomware in the past, and now that people are still seeking out news regarding the coronavirus, phishing is often easier than ever if related keywords are included.
Credential Hacking and Brute Force Attacks
Last year, businesses were already experiencing a considerable amount of data issues due to their credentials being either stolen, or brute-forced, by hackers. This year, cybercriminals have had even more success with these tactics, as many employees have been functioning outside of the office, its protections, and the heightened awareness that the professional workplace can bring.
Healthcare Organizations May Face the Biggest Risks
Figuring out why cybercriminals so often go after healthcare organizations is a bit of a no-brainer. After all, there are several factors that would encourage this trend:
- Healthcare organizations possess a significant amount of personally identifiable information and payment card credentials.
- Due to the strict consequences that a healthcare organization might face following a breach, they may be motivated to pay up just to get the situation over with.
- If not for that reason, a healthcare organization can’t properly care for their patients without access to their data, adding another motivation for it to comply with a cybercriminal’s demands.
Of course, the current crisis has added its own assortment of complications to many healthcare organizations in terms of their cybersecurity (in addition to the other operational stresses, of course):
- Telehealth has experienced a growing interest from hackers as more people exercise it as an option.
- Scrutiny of healthcare organizations and their policies has risen as other breaches are revealed.
- Contact tracing applications have raised concerns about patient privacy, as data is collected to help protect the public health. Even if these applications are built to be secure, these healthcare organizations will likely have a tough time getting many people on board.
While there are many factors and circumstances that all businesses, especially healthcare organizations, must consider right now, S3 Technologies, Inc. can have their back. Give us a call at (505) 242-5683 to learn more about our IT and support options.