Hackers are increasing their attempts to break into health-care companies, putting additional pressure on an industry already struggling with managing the coronavirus pandemic. In a recent article published in the Wall Street Journal, “The logs and graphs show, oh, man, these have ramped up, it’s hard to deny that,” said Christopher Stroud, technology manager at Great Plains Health, a hospital based in North Platte, Nebraska, that serves around 183,000 patients a month. Great Plains Health normally blocks around 10,000 attempts to access its servers daily, Mr. Stroud said. After it began its first coronavirus antibody drug trials in November, it saw that number triple on average; some days, attempts have reached 70,000.

As the coronavirus pandemic spread last spring, health-care providers were placed in a difficult position. Adding to the need to care for large numbers of COVID-19 patients, hospitals experienced a revenue crunch through the canceling of elective procedures because of the virus and the reallocation of resources to response efforts. Health-care providers often use a patchwork of systems from third parties rather than their own technology, which exposes them to supply-chain risks, said Terry Ray, senior vice president and fellow at cybersecurity firm Imperva, Inc.

Vulnerability Points:

1. Networks – Hospital networks without tight access control can let hackers breach one point and move freely within.
2. Internet of Things – Connected medical devices often lack built-in security features.
3. Personal Devices – Doctors and nurses add to vulnerabilities by connecting personal devices to the hospital network.
4. Data Storage – Storing electronic medical records, payment and insurance details in a single place increases potential damage from ransomware attackers.
5. Records Disposal – Privacy can be compromised by improper disposal of sensitive information.
6. Remote Work – Security risks increase with remote COVID-19 testing and vaccination sites, couple with more non-medical staff working from home.

We often neglect cybersecurity basics, such as using two-factor authentication and running the latest operating systems. When was the last time you did a security check on your systems? What is your EHR vendor’s responsibilities and liabilities? Might be time to do a quick check and be sure you are maintaining your systems appropriately!

Stay the course, stay well, mask up, get vaccinated, and stay tuned!