For better or worse – though usually worse – the COVID-19 pandemic has affected every area of our lives, and cybersecurity is no exception. Whenever there is an emergency or disaster, there will always be people ready to profit from it however they can. We’ve seen coronavirus-related phishing attacks, fraudulent vaccination advertisements and more. The most worrying trend may be the increase of cybercrime against healthcare organizations, though.
Cyberattacks on the Rise
In October 2020, the Cybersecurity and Infrastructure Security Agency (CISA), FBI and HHS issued a joint cybersecurity advisory detailing the imminent cybercrime threat to US hospitals and healthcare providers. Since then, the problem has only gotten worse with a 45% increase in cyberattacks against healthcare organizations globally. While North America only saw an increase of 37%, slightly below the global average, this trend still has state and federal agencies on high alert.
The concern, of course, is that cyberattacks can disrupt healthcare services at a time when COVID-19 is pushing this sector to its limits. While attacks involve a range of vectors, including botnets, remote code execution and DDoS attacks, ransomware has become the tactic of choice for cybercriminals. During such a critical time, they know hospitals and organizations can’t risk their data being compromised, so they’ll be more willing to meet ransom demands.
Guard Against Threats
Just as you need to practice good hygiene to protect against bacteria and viruses, it’s also important for your organization to practice good cyber-hygiene to protect against COVID-related cyberattacks. Your virtual cleaning procedures should look something like this:
- Look out for trojan infections that have infiltrated your network. They usually precede a ransomware attack.
- Always keep your guard up, especially during weekends. These are vulnerable times since IT professionals tend to be off work. In fact, most ransomware attacks over the past year have taken place during these times.
- Teach your employees how to spot malicious emails. They usually include a socially-engineered message that encourages the user to click a link or supply specific details, giving hackers a way into your network.
- Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.
- Where possible, use multi-factor authentication.
- Invest in anti-ransomware with a remediation feature that enables your organization to revert to normal operations within minutes of detecting an infection. You should also set any anti-malware solutions to automatically renew, so your protection never lapses.
- Audit account logs to ensure all new accounts are legitimate, and keep an especially close eye on user accounts with administrative privileges.
- Don’t underestimate the power of redundancy. Back up critical assets such as patient database servers, medical records and telehealth and telework infrastructure, and keep the backups somewhere secure and physically separate from your network.
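The account-audit and weekend points in the list above can be combined into one automated check. The following is an added example, not CompanyMileage code: it assumes a constructed JSON-lines event export with hypothetical field names (`ts`, `event`, `account`, `group`, `actor`) and a hypothetical approved-account list, and flags unapproved new accounts and admin-group additions, noting when they occur on a weekend.

```python
import json
from datetime import datetime

# Constructed sample events (JSON lines). The field names are assumptions;
# map them to whatever your directory service or SIEM export actually emits.
SAMPLE_LOG = """\
{"ts": "2021-01-08T10:15:00", "event": "account_created", "account": "jsmith", "actor": "helpdesk1"}
{"ts": "2021-01-09T23:40:00", "event": "account_created", "account": "svc_backup2", "actor": "jsmith"}
{"ts": "2021-01-09T23:42:00", "event": "group_member_added", "account": "svc_backup2", "group": "Domain Admins", "actor": "jsmith"}
{"ts": "2021-01-11T09:05:00", "event": "group_member_added", "account": "mlee", "group": "Nursing Staff", "actor": "helpdesk1"}
"""

# Hypothetical allow-list, e.g. exported from HR or the ticketing system.
APPROVED_ACCOUNTS = {"jsmith", "mlee"}
# Privileged groups to watch (compared case-insensitively).
ADMIN_GROUPS = {"domain admins", "administrators"}


def audit(log_text, approved=APPROVED_ACCOUNTS, admin_groups=ADMIN_GROUPS):
    """Return (timestamp, account, reasons) for every event that needs review."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue  # tolerate blank lines in the export
        ev = json.loads(line)
        when = datetime.fromisoformat(ev["ts"])
        reasons = []
        if ev["event"] == "account_created" and ev["account"] not in approved:
            reasons.append("new account not on approved list")
        if (ev["event"] == "group_member_added"
                and ev.get("group", "").lower() in admin_groups):
            reasons.append("added to admin group " + ev["group"])
        # Weekend activity is only noted on events that are already suspicious.
        if reasons and when.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
            reasons.append("happened on a weekend")
        if reasons:
            findings.append((ev["ts"], ev["account"], reasons))
    return findings


if __name__ == "__main__":
    for ts, account, reasons in audit(SAMPLE_LOG):
        print(ts, account, "; ".join(reasons))
```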
What Does CompanyMileage Do to Protect Our Customers?
As a company whose software supports many healthcare organizations, CompanyMileage makes security a top priority. As a Business Associate, we sign a BAA with every customer, ensuring that we meet the same standards for protected health information (PHI) security and HIPAA compliance that you do. We have a three-tiered system in place that meets and exceeds cybersecurity standards.
First Tier: Data Encryption
We implement table-level encryption with regular password rotation management. Our system complies with PCI DSS, HIPAA, HITECH, FISMA and other regulatory guidelines for encryption of data at rest.
Tier Two: Secure Facilities and Equipment
We have both primary and synchronized servers, separately managed and monitored 24/7. Backups occur daily, and secure servers are maintained and serviced daily with any security patches. Firewalls are also in place to prevent unauthorized access.
Tier Three: Privacy Policies
Our system ensures privacy within organizations by segregating Address Books and suppressing client names on user-generated reports. CompanyMileage also never shares customer data with third parties without your written consent, and only authorized company officials are permitted to access our own data systems.
Hackers are trying harder than ever to compromise your personal data and make more money, so you should take steps now to protect your organization. If you want to learn more about CompanyMileage’s secure and simple employee mileage tracking software, request a demo today.