The pandemic slammed businesses, including health care systems. On top of the stress of COVID-19, they also saw more cybersecurity attacks.
“Health care has always been a target, but it tremendously just blew up when the pandemic started,” said Angela Kobel, Chief Financial Officer of Lincoln Health in Hugo, Colorado.
She’s talking about cybersecurity. As the pandemic stressed health care systems, the industry also saw more attempted cyberattacks.
“A lot of our employees were working remotely as we closed the hospital down, which made us vulnerable,” Kobel said. “Everybody was so busy fighting COVID and trying to figure out what was happening with COVID that we didn't have the resources to put towards IT security.”
Hospitals are at a higher risk for attacks. Many of us have personal, private information shared with our doctors, often stored digitally. So for the past few years, Lincoln Health has used a third-party company to manage its IT system. That’s where Lance Goudzwaard with ReliableIT comes in.
“Health care organizations, they need to be very careful with that information. And I'll tell you the value of each of these records is very high. It's scary to think how much a hacker can sell one record for,” said Lance Goudzwaard, Virtual CIO at ReliableIT.
And hacking is getting easier.
“My 15-year-old daughter could go to the internet and download instructions on how to hack a lot of health care systems,” Goudzwaard said.
“It's incredibly easy to find and use hacking tools, and there are services you can outsource all of this too, if you want to,” cybersecurity expert Nathan Evans said.
It’s not just hospitals that are seeing these data breaches and ransomware attacks. Earlier this year, a cyberattack on the Colonial Pipeline caused a disruption in fuel transportation, leading to gas shortages in the southeastern U.S.
And JBA USA, a large meat supplier, recently announced it too was targeted by a cybersecurity attack. There are more that go unreported, as there aren’t regulations in place in most industries to report these incidents.
“The health care sector and financial sector have government requirements to report when they actually get breached,” said Nathan Evans, an assistant teaching professor at the University of Denver.
So what does all of this mean for your data, and your accounts? Evans said part of it is trust in the organization you give your information to.
“There's not really anything we can do on an individual basis to protect our medical information. There are HIPAA guidelines that require you to, if you're handling patient data, to encrypt it and make sure it's protected when it’s in transit or in storage,” Evans said.
Another safety net you can control is enabling two-factor authentication for your accounts.
“Two-factor authentication is combining something you know, which would be like a password, with something physical, so either your cell phone or a hardware key device,” he said. “The idea is that if an attacker gets just your password, they won't be able to log into your account because they won't have this second factor.”
It all boils down to education.
“The more we are aware of these common exploits, the better job we’re going to do at preventing them,” Goudzwaard said.
He said they are able to educate employees about common attacks and tools they can use to monitor themselves, especially with e-mails where many hackers can pose as co-workers, clients, or vendors.
“We’ve definitely become more aware,” Kobel said.