Health care entities still trying to adapt to the “new normal” and come to grips with cyberthreats in the shadow of the ongoing COVID-19 pandemic are finding that those threats—many from well-organized international actors—are evolving rapidly and escalating.
Still, there’s good news mixed in: The increase in threats appears to have led to an increase in threat response activities, said Tim Keeler, founder and CEO of Remediant. “Specifically, we’ve noticed an uptick in the number of health systems (providers) and government entities being targeted, with near-daily headlines exposing the latest breach,” Keeler told RPP. “Alone, these shifts may not have impacted the cyber industry, but together these trends have led to noticeable differences in health care entities’ efforts to increase security—a trend reflected in the characteristics of our sales pipeline.”
When the pandemic first gained strength in March, experts warned of existing security risks such as phishing attempts and ransomware, plus new risks associated with the dramatic increase in telemedicine and telework.
In large part, those predictions have come true. For example, Rebecca Herold, president of SIMBUS360 and CEO of The Privacy Professor, said that phishing attempts have increased dramatically. “I personally received more email phishing attempts in the first week of March than in all of January and February combined. And I am not unique—I am seeing similar results experienced by others as well,” she said. Some of the attempts are sophisticated, she said, while others “look like the early types of phishing attempts that were first used back in the late 1990s and early 2000s.”
Some emails Herold has received include old passwords of hers that no longer are in use, along with subject lines reading “I RECORDED YOU!” They claimed to have recordings of her taken through her webcam. “I anticipate many people will fall for this message, and ones similar to it, since it will create fear and surprise in recipients who are not aware of such types of salacious phishing exploits,” she said.