Skip to main content

Healthcare IT Under Siege

Aug

21

2020

Time to read

Read so far

Written by: 

Jenn Markey

Time to read

Written by: 

healthcare-it_blog_1000x420

Healthcare is on the front line of the pandemic battle. Not only are healthcare professionals fighting to help patients, they are also facing an unprecedented number of COVID-related cyberattacks. Cybercriminals know healthcare workers are stretched, stressed, and distracted. And they know that rushed deployments of temporary care facilities, telehealth solutions, and new apps for contact tracing often introduce new security vulnerabilities. Healthcare IT teams are under siege, forced to choose between security, accessibility, and speed of deployment. Already-constrained budgets are understandably focused on worker safety and patient care rather than IT security.

Part of the challenge is that healthcare is an increasingly lucrative target for bad actors. "Healthcare data carries an extraordinarily high value on the black market, typically worth 10 to 40 times more than a credit card number," according to one data privacy expert. Medical records already include personal data like Social Security Numbers, health history, and billing information. Add to that the increased prevalence of contact tracing that includes people's whereabouts, and the potential for blackmail/ransom goes up exponentially. Plus, the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency reports that healthcare organizations are being overtly targeted by cybercriminals looking for a back door to steal vaccine-related intellectual property.

Phishing is the attack of choice given its effectiveness. People are always the biggest target, but healthcare organizations are particularly susceptible to COVID scams because virus-related emails from outside government agencies are regularly expected. This means that password-only protection and even basic multi-factor authentication (MFA) is not enough to protect healthcare networks, systems, and data.

Many organizations are going passwordless

Using workers' mobile devices as their trusted workplace identity removes the risk of password hacks and phishing scams. In addition, going passwordless with credential-based authentication supports a more touchless workplace. Many healthcare organizations rely on physical smart cards for secure access to care systems and patient records from shared workstations located across the facility, and often different physical locations for healthcare networks. Physical smart cards bring the risk of surface transmission, especially when used across multiple locations. A credential provisioned directly onto the healthcare worker's phone creates a virtual smart card, removing this risk.

To learn more about taking your healthcare organization passwordless and touchless, register for our upcoming webinar: Healthcare Goes Passwordless and Touchless.

jenn-markey-headshot
Jenn Markey
Advisor, Entrust Cybersecurity Institute
Jenn Markey is a content advisor and thought leader with the Entrust Cybersecurity Institute. Her previous roles with Entrust include VP Product Marketing for the Payments and Identity portfolio and Director Product Marketing for the company’s Identity and Access Management (IAM) business. Jenn brings 25+ years of high tech product management, business development, and marketing experience to the Entrust Cybersecurity Institute with significant expertise in content development and curation.
View all of Jenn's Posts