The Shift to Telehealth Highlights New Security Challenges
October is National Cybersecurity Awareness Month, and the theme for week three is “Securing Internet-Connected Devices in Healthcare.” The healthcare sector in general has become a popular target for hackers.
Of the 3,950 breaches reported in Verizon’s “2020 Data Breach Investigations Report,” released in May, healthcare accounted for the most in any identified sector with 521, or about 13.2 percent of the total. “Financially motivated criminal groups continue to target this industry via ransomware attacks,” notes the report.
With the onset of the COVID-19 pandemic, concern about attacks on hospitals and research centers working on vaccines and treatments grew stronger. The Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, is spearheading a program to help increase cybersecurity awareness and protections on that front.
At the VA, the boom in telehealth services presented a major security challenge. The agency’s expanded telehealth program attracted about 491,000 patients in 2019; between March and August of this year, it saw about 3 million patients, says Paul Cunningham, the VA’s CISO.
“What we’re looking at now is, how do we improve the gateways in terms of capability and bandwidth, because we know that we have more and more people accessing those resources,” he says. “How are we making sure that only authorized users are coming through?
“It all revolves around those key principles of knowing what’s on your network, who’s on your network and what they’re doing on that network,” he adds. “Whether it’s an EKG machine or an insulin pump or an intern who’s checked in for their first day or even a cybersecurity administrator, all those things still apply.”
How Combining Networks May Decrease Cybersecurity Risk
Within the DOD, the concern centers on phishing-related attacks, many with a COVID-19 angle, such as fake offers of test kits for people who provide personal information.
“Human error data breaches, just like improper handwashing, puts us at risk,” Servio Medina, branch chief of the cybersecurity division of the DHA, tells Health.mil. “We need to change human behavior so we’re not making ourselves more vulnerable to ‘cyber infections.’”
DOD officials are working to boost IT security across its medical system by blending its virtual local area networks, many of them legacy, into what Federal News Network describes as “a new 13-zone architecture, with each zone designed for a different level of security to segment network traffic.”
This new Medical Community of Interest would cover about 240,000 users worldwide under a single security environment.
“Since we’ll have that same design at each facility, it’s going to allow inheritance of security controls, reduced variants in configuration, and is going to greatly reduce the time to complete our risk management framework processes for each enclave and the associated systems,” DHA CIO Pat Flanders tells Federal News Network.