Even before the COVID-19 pandemic, there were growing concerns around cybersecurity issues facing the healthcare sector. The WannaCry ransomware attack on the NHS was arguably what helped catalyse this concern, but coronavirus has made things even worse, particularly in care homes, which are under more pressure than ever before.
COVID essentially opened the floodgates for cyber criminals. The world pivoted online at spectacular speed, so much of our valuable information is now online, and more criminals than ever are utilising online tools to commit nefarious acts. But why is the healthcare sector specifically so at risk, and what can be done to mitigate those cybersecurity risks?
Lack of formal training with IT equipment – Especially in care homes, where workers tend to be relatively computer illiterate, there is very little in the way of training with computer equipment. This is something that can be remedied quite easily with a simple mandatory minimum training session for all care workers. Having a better understanding of cybersecurity will reduce the overall threat to operations and take pressure off home care insurance policies.
Encryption protocols are not widely implemented – Hackers are always going to home in on the areas where they’re going to have an easy ride, and the healthcare sector is, unfortunately, much less likely to encrypt its data than the financial sector, even though the information at hand is arguably just as valuable. Without proper encryption, systems are left open to attack.
Weak passwords and shared accounts – Let’s be honest: how many of us use the same password for every situation in both our personal and work lives? At certain institutions, this wouldn’t be tolerated, but in many healthcare sector workplaces it’s common for staff to be allowed access to patient files with little more than a password they set themselves. This is information that should be locked behind two-factor authentication at least. Many hospitals and care homes also allow access to important systems through shared generic accounts for convenience.
No restrictions on portable media – Proximity hacks are some of the most devastating around, and hackers don’t need a laptop to do them anymore. All they need is a mobile phone and training on how to circumvent basic cybersecurity. As there are few restrictions on these devices in many medical institutions, they are left wide open.
How to protect yourself
Improving security should be your first port of call. This can be done by establishing a firmer culture of security at the workplace, using firewalls, training staff, protecting mobile devices and using strong passwords that are changed regularly. Should the worst happen, however, knowing you have a protective policy in place will mean financial stability after a cyber attack.