COVID-19 and hacking go together like… well, any emergency and hacking. When an event is alarming or upsetting, hackers will quickly and eagerly exploit it. But with the influx of COVID-19 cases, the healthcare industry has become especially at risk for attack. And since this industry is so important to fighting that very virus, it’s important to know why they’re at increased risk in order to make themselves a smaller target.
Here are three reasons why the healthcare industry is a main target of COVID-19 hacking attacks (and three ways to become less of a target):
Industry-Specific Messaging
When phishing, a hacker will make their message as relevant to the receiver as possible. For instance, if they’re trying to hack a legal firm, they might mention a new law or important legal case. And for the healthcare field, they might mention supply shortages, new symptoms of an illness, or information about a cure. Unfortunately, all of this messaging applies to COVID-19, and that information is everywhere and constantly changing. For this reason, it can be difficult to tell what information is real versus what is fabricated—which makes it easy for a hacker to exploit.
It’s important that your employees understand how to identify a phishing attack. Testing and training will help them prepare, but you’re only as strong as your weakest link. In order to be as ready as possible, make sure your employees are shown examples of COVID-19-specific phishing attacks. And once they can identify these attacks, you’ll want to implement policies for how to report them before they spread.
Sensitive Information
HIPAA violations are serious. In fact, they’re so serious that most businesses would rather pay a ransom than risk their sensitive information being leaked. Hackers know this, and for that reason, they’ll often target industries that can’t afford to have leaks, like hospitals. This is especially true right now, since hospitals are low on resources and manpower; many of them are at full capacity, both in terms of beds and available time. The last thing they want is to deal with a ransomware attack on top of everything else. And that’s exactly why a hacker might attack them—because they know they’re overwhelmed and will likely pay up.
Unfortunately, paying a single ransom funds additional ransomware attacks. And even if you pay, there’s no guarantee that the hacker won’t distribute your information. For these reasons, it’s always better not to pay a ransom, and it’s always best to avoid succumbing to attack in the first place. Along with testing and training, Multi-Factor Authentication (MFA) will greatly protect you from these attacks. MFA requires multiple levels of user credentials, thus providing additional defenses against sensitive information being breached.
Fatigue Exploitation
As we’ve said before, hackers are always looking for easy access points. And sadly, with the spread of COVID-19, many healthcare workers are overworked and exhausted. It’s easy to take advantage of someone like this (and convince them to a click an infected link), since their focus is split between multiple priorities. For that reason, employees must be constantly reminded that safety is a priority, too.
A culture of cyber security is essential for keeping your business safe. When everyone understands and utilizes best practices, your business will present a united front against attacks. Additionally, if one employee takes it seriously, it’s more likely that someone else will, too. Thus, your workplace culture should focus not only on cybersecurity’s necessity, but also on the value it brings to your business.
COVID-19 and hacking must be taken seriously, especially by the healthcare industry, which will continue to be a primary target of cyberattacks. But just because you’re a target doesn’t mean your business can’t defend itself. Through testing and training, MFA, and a culture of cyber security, your business will be better prepared for whatever hackers throw your way. In turn, you’ll have one less thing to worry about, which means you can better focus on helping your patients, taking care of your employees, and getting to the other side of this pandemic.
