In the early fog of the COVID-19 pandemic, cybersecurity took a back seat to keeping patients alive. Lost in the chaos was IT security.
When the COVID-19 pandemic first hit the U.S. hard in March, the Elmhurst Hospital was forced into a logistical nightmare.
It was a grim sign of the times, as the Queens, N.Y. hospital was flooded with hundreds of sick patients, with one medical resident describing conditions as “apocalyptic”, according to a New York Times interview. At the same time, hospitals also began a similar rush to increase capacity to keep up with growing infection rates and scrambled to find personal protective equipment (PPE), ventilators and trained staff.
Lost in the chaos was IT security. In the early fog of the pandemic, cybersecurity took a back seat to keeping patients alive. But it did not take long before important hospital systems such as telehealth patient portals, backend billing and coding systems, connected medical devices and video-conferencing platforms were stressed.
Cybercriminals took notice. Cyberattacks targeting healthcare firms have increased 150 percent since the COVID-19 virus hit the U.S. shores. The pandemic’s unprecedented impact on healthcare lay bare the gaping holes in the healthcare industry’s cybersecurity defenses. It is a sobering wakeup call that security experts say will have a lasting impact on the healthcare industry well into 2021.
Healthcare Insecurity: A Chronic Condition
Of course, healthcare cyber-challenges aren’t new. Security researchers have long pointed out myriad threats facing this critical industry segment. For instance, the hospital equipment mix includes millions of insecure, single-purpose, connected medical devices, including insulin pumps and defibrillators, that are often open to hacks because they haven’t been updated. Medical environments are also rife with critical infrastructure that runs on legacy platforms (such as Windows XP).
With COVID-19, all of the existing issues that make healthcare cybersecurity difficult have become magnified, say experts.
For instance, telehealth adoption by primary caregivers jumped by 50 percent between January and June of 2020. That required new investment in technology, when facilities are already paying a premium for testing, additional staff, PPE and ventilators.