Security threats to health care entities will continue to escalate in 2021, as bad actors with significant capabilities target pandemic-weary organizations still struggling with a stay-at-home workforce, cybersecurity experts report.
This year’s threats will look familiar: phishing, ransomware and information technology (IT) changes will all play a role, experts told RPP. However, those threats are evolving to become more sophisticated, making defense against them more difficult even as new tools arrive.
“As artificial intelligence is being rolled out on the defensive side, bad actors have similar tools that allow for a once-complicated task or hack to be as simple as the push of a button,” reported Roger Shindell, founder and CEO of Carosh Compliance Solutions.
In addition, the pandemic has caused massive uncertainty, said John Ford, a strategist at IronNet Cybersecurity. “Attackers excel when change and uncertainty consume our efforts,” he said. “They have the benefit of watching and anticipating both old and new vulnerabilities while the rest of us are trying to do our jobs, whether that is directly tied to care delivery or the monumental support system that our health care system requires.”
There’s little good news, said Michelle O’Neill, director of corporate compliance at Summit Health Management in New Jersey. Last year “included a variety of new security threats and attacks directed at hospitals and health care organizations,” O’Neill told RPP. “The thought is that in 2021, hospitals and health care organizations will continue to be a target, but that the cybercriminals will improve their abilities and become more successful.”
To ease the way through the pandemic, OCR provided some leeway to health care organizations during 2020, specifically providers and business associates (BAs) that provide telehealth services, O’Neill pointed out. “This was very helpful in providing patients the care they need and quickly, without fear of penalty. But this also added new security threats to patients, physicians, organizations and business associates that provided these telehealth platforms,” she added.