Healthcare is on the front line of the pandemic battle. Not only are healthcare professionals fighting to help patients, they are also facing an unprecedented number of COVID-related cyberattacks. Cybercriminals know healthcare workers are stretched, stressed, and distracted. And they know that rushed deployments of temporary care facilities, telehealth solutions, and new apps for contact tracing often introduce new security vulnerabilities. Healthcare IT teams are under siege, forced to choose between security, accessibility, and speed of deployment. Already-constrained budgets are understandably focused on worker safety and patient care rather than IT security.
Part of the challenge is that healthcare is an increasingly lucrative target for bad actors. “Healthcare data carries an extraordinarily high value on the black market, typically worth 10 to 40 times more than a credit card number,” according to one data privacy expert. Medical records already include personal data like Social Security Numbers, health history, and billing information. Add to that the increased prevalence of contact tracing that includes people’s whereabouts, and the potential for blackmail/ransom goes up exponentially. Plus, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency reports that healthcare organizations are being overtly targeted by cybercriminals looking for a back door to steal vaccine-related intellectual property.
Phishing is the attack of choice given its effectiveness. People are always the biggest target, but healthcare organizations are particularly susceptible to COVID scams because virus-related emails from outside government agencies are regularly expected. This means that password-only protection and even basic multi-factor authentication (MFA) is not enough to protect healthcare networks, systems, and data.
Many organizations are going passwordless
Using workers’ mobile devices as their trusted workplace identity removes the risk of password hacks and phishing scams. In addition, going passwordless with credential-based authentication supports a more touchless workplace. Many healthcare organizations rely on physical smart cards for secure access to care systems and patient records from shared workstations located across the facility, and often different physical locations for healthcare networks. Physical smart cards bring the risk of surface transmission, especially when used across multiple locations. A credential provisioned directly onto the healthcare worker’s phone creates a virtual smart card, removing this risk.
To learn more about taking your healthcare organization passwordless and touchless, register for our upcoming webinar: Healthcare Goes Passwordless and Touchless.
