As the world holds its breath in the wake of COVID-19, health officials, in particular, are bracing themselves for several potential scenarios.
Health officials are tasked with finding the fastest and easiest method to limit the spread of the disease, while also keeping an eye on potential cyber threats.
Risk # 1 - Staff surges are both common and risky
During emergencies, such as global health pandemics, hospitals often surge staffing levels. The issue? Staff who may not have regular experience with particular IT systems may now require access to them. This can lead to a variety of vulnerabilities in areas that include:
- Personal identification information
- Electronic health records
- Sensitive operational response systems
Risk # 2 - Multiple access points
When considering cybersecurity during a pandemic, emphasis should be placed on primarily protecting personal identification information and clinical patient data. This data can often be accessed at multiple points throughout a healthcare facility, therefore, extra care is encouraged.
Risk # 3 - What about the supply chain?
Emergency operations, logistical and supply chain data may also be easily accessed. Sensitive data, such as where vaccines are being produced, how, where and when they are being shipped, quantities of products that are at specific locations and more, can easily be stolen.
What can you do to mitigate the threat?
From SARS to Swine Flu and more recent pandemics such as Zika Virus and COVID-19, there is always the threat of a new worldwide pandemic as well as a cyber threat that is waiting to capitalize.
Nitin Natarajan of Domestic Preparedness lays out a couple of effective tactics designed to mitigate risk during times of concern and system overload.
- Evaluate and update plans - Conduct a review of existing emergency plans. These plans should be reviewed against current and potential future conditions. Once reviewed and updated, the staff should be re-trained on plans.
- Exercises - Whether a healthcare organization has an existing response plan or something new in mind, it is important to test its effectiveness through mock situational training. Remember to include all key partners during a test and ensure areas of improvement are addressed before further training is conducted.
Final thoughts
As the world braces for the next outbreak, so do our local healthcare officials. They are tasked with the challenge of increased patient loads, which means a strained staff and an influx of patient data; the perfect storm for cyber criminals looking to access sensitive data at a delicate time.
As history has proven, the next global pandemic can appear almost suddenly. Healthcare organizations are encouraged to not only develop cybersecurity plans, but also test them to confirm their effectiveness. This will ensure that when disaster strikes, IT teams can stop or mitigate loss, without compromising patient data and care.