The healthcare sector is always considered “critical infrastructure.” The ability to treat illnesses and injuries is an essential part of modern society. However, during the COVID-19 pandemic, the importance of healthcare rose dramatically. Hospitals and other medical facilities were placed under immense strain by the need to provide care to those infected by COVID-19, as well as their normal patient load. This focus on providing patient care meant that cybersecurity received less attention, increasing cybersecurity risk and leaving open potential attack vectors.

Cybercriminals Take Advantage of Healthcare’s Importance

Cybercriminals consistently focus on high-value targets for their attacks. As the healthcare industry grew increasingly critical and visible in the midst of the COVID-19 pandemic, cybercriminals targeted it with a variety of different goals.

Critical Services

During the COVID-19 pandemic, hospital capacity has been a critical concern. In some areas, any degradation in a hospital’s ability to operate could have resulted in loss of life if other nearby hospitals could not pick up the slack.

Cybercriminals took advantage of this increased importance of healthcare by making it one of the primary targets of ransomware attacks. Ransomware’s success is based upon the probability that the target organization both has the resources required to pay the ransom and that the encrypted resources are important enough to be worth paying up. Especially during the COVID-19 pandemic, the healthcare industry ticks both of these boxes.

Valuable Data

Medical records are some of the most complete sources of personal information about a person. These records contain general personal data (name, address, social security number, etc.) and payment card data (for medical bills). This makes them a major target of cybercriminals and some of the most expensive personal data for sale on the Dark Web.

With the COVID-19 pandemic, healthcare organizations’ focus is on patient care, not cybersecurity. Additionally, these organizations have been forced to become increasingly reliant digital service offerings such as telehealth platforms and electronics health records.

As a result, healthcare data is increasingly accessible from the public Internet and its protection is not a current focus of healthcare organizations or their patients. Cybercriminals have taken advantage of this with an increase in healthcare-focused malware attacks, the discovery of new telehealth software vulnerabilities, and phishing emails designed to steal patients’ sensitive data.

Public Interest

During pandemics and other healthcare crises, like COVID-19 or the H1N1 epidemic, interest in the healthcare sector skyrockets. During COVID-19, the average person’s knowledge of vaccination and epidemiology increased as people searched for updates regarding the status of the COVID-19 vaccine and pandemic and how to protect themselves.

Cybercriminals take advantage of this type of increased public interest via phishing attacks. Whether a pandemic or the latest Olympics, people are more likely to open emails associated with current events. As a result, the number of COVID-19 related phishing emails – sent to both the general public and healthcare organizations in particular – rose dramatically in 2020.

How MorganFranklin Can Help 

The COVID-19 pandemic has transformed the healthcare industry. While some of these changes may go away once the pandemic ends, others may be here to stay. At the very least, healthcare and its patients are more dependent on and comfortable with digital service offerings.

MorganFranklin can help these organizations to secure their new digital environments. This includes support for everything from initial risk assessments to application security to identifying and deploying necessary cybersecurity solutions.

Talk to one of our cybersecurity experts