Healthcare organizations are major targets for cyber-criminals—a threat that increased during the global COVID-19 pandemic and continues to be a challenge. Cybersecurity often takes a backseat to patient care as organizations have struggled to keep up with the unprecedented demand on services and requirements for IT infrastructure expansions to accommodate telehealth and other new initiatives. Cyber-criminals capitalize on this reality and use phishing campaigns, ransomware and other targeted attacks while healthcare is most vulnerable.
The pandemic created a number of new threats that many organizations were not prepared to address. For example, organizations that traditionally had IT resources in their own data center and all of their IT security protecting their own network perimeter may find little protection available for employees that now work from home. Other organizations find comingled data being stored in the cloud without the appropriate security and privacy controls in place, leading to unauthorized access by both insider threats and external attackers.
An overall reduction in visibility into systems and security has allowed attackers to compromise systems without being noticed, potentially resulting in deployment of malicious software such as ransomware, locking critical systems and data until a ransom is paid.