Women sitting at desk working on computer.

It has come to our attention that IT security issues are a major concern as clinicians and staff continue to work remotely. Many employees outside of the normal work environment are susceptible to browsing suspicious internet sites and/or phishing attacks.

Cyber criminals are already taking advantage of the situation created by COVID-19, and employees may inadvertently expose sensitive data or facilitate a ransomware attack. Healthcare organizations must evolve their working from home guidelines due to the stay-at-home orders around the globe. 

The most recent HIMSS Healthcare and Cross-sector Cybersecurity Report found that cybercriminals, state-backed groups and others are reorganizing to capitalize on the COVID-19 crisis. 

“While phishing remains a significant threat during the COVID-19 pandemic, criminals are also heavily engaged in financial fraud (including in regard to economic stimulus payments), intellectual property theft, distributed denial of service campaigns, and more,” wrote HIMSS Director of Privacy and Security Lee Kim in the report.

Targets have also included supply chains, those seeking to buy medical equipment such as masks or gloves online and virtual private networks. People who are not used to working from home may not recognize attempts to breach security.

To keep data safe, experts advise implementing multifactor authentication, training employees on best practices and addressing security requirements across all applicable regulations.

“Resources are available for consumers (such as from state attorneys general), for businesses … and from the government to bolster security awareness and help guard against criminal activity during the COVID-19 pandemic,” Kim noted.

Healthcare Protected Health Information (PHI) is a valuable data set for cybercriminals. It is estimated that healthcare PHI is five times more valuable than Personally Identifiable Information (PII). The main reason for the difference in value is that PHI data can be used to fraudulently bill Medicare and Private Payers for services that were never rendered.