Protecting Healthcare Data During a Pandemic

Hacker in a Pandemic

As providers focus on the frontline of COVID-19, hackers are on the attack even more. In an industry that was already targeted and re-targeted for cyber crimes, there have been 108 healthcare data breach incidents affecting 500 or more records reported so far in 2020, versus 510 reported for all of 2019.

Researchers tracked almost 10,000 attempted phishing email cyber attacks linked to the coronavirus crisis since the beginning of March. This compares to about 1,800 in February, a 455% increase in just one month, and there’s no sign of the attacks slowing down. These malicious emails use the trending coronavirus topic to lure individuals into clicking on dangerous links and downloading attachments that typically include computer viruses.

With these increased attacks come new exploitations – fraudulent emails are now impersonating widely recognized and trusted domain names from the World Health Organization (WHO) and the US Centers for Disease Control and Prevention (CDC). The fake emails play to readers’ emotional responses about COVID-19, requesting passwords and even asking for bitcoin donations to fund a fake vaccine. Hackers also prey on the public’s increased need for information and are sending more emails that impersonate CEOs appearing to give a company-wide update that includes fake links. This is the opening hackers are looking for to gain access to healthcare networks and, ultimately, valuable PHI.

These new attacks pile on top of the already overly cyber-attacked healthcare industry. A recent report found a staggering 90% of healthcare organizations experienced an email-borne threat in the past year. While 3 out of 4 providers are now engaged in a cyber-resilience program, only half of respondents have a high level of confidence with their current security deployment. More concerning is that this survey was conducted prior to the coronavirus adding a massive uptick in cyber attacks.

An Active Archive Helps Protect Legacy Data from Cyber Attack
Only 17% of healthcare organizations believe their current data protection solutions will meet their future data protection needs and requirements. This leaves a lot of room to further secure patient, employee, and business records – especially legacy records that may be stored in outdated, vulnerable servers.

Legacy systems, by the sheer nature of their age and diminished capacities, are more prone to vulnerabilities including cyber attack. In a HIMSS cybersecurity survey of healthcare providers:

  • 69% indicated that they had at least some legacy operating systems in place at their healthcare organizations
  • 83% of those still operate with Legacy Windows Servers (e.g., 2003, 2008, 2012, 2016 and XP)
  • 14% of respondents said over 10% of their systems qualify as a legacy operating system

One immediate step healthcare providers of any size can take to bolster security is to evaluate their legacy data management strategy and implement an archiving solution. An active archive is a data management platform that provides a single point of access to historical patient, employee, or business data for healthcare enterprises. This web-based solution, with its release of information workflows, Single Sign-On integrated clinical views, revenue cycle features, and eDiscovery capabilities provides a significant return on investment for healthcare delivery organizations decommissioning legacy systems. The solution consolidates data stores, reduces out-of-production system maintenance costs, mitigates technical risk, complies with record retention mandates, and offers both interoperability and data analytics capabilities.

Most importantly, an archive and decommissioning plan can eliminate the number of doors and windows you need to protect within a healthcare IT landscape. Less entry points equals better security odds, which is paramount in a time when the industry continues to come under fire.

When considering decommissioning legacy systems and determining how to handle legacy data management to shore up the risk factor to your PHI, there are a few things you’ll want to ask any future archiving partner to ensure cybersecurity is a high priority in the project.

Bottom line: Active Archiving is the one big defensive move your healthcare organization can take immediately to protect its EHR, ERP, and HR systems to keep cyber criminals locked out.

If your provider organization needs help protecting legacy records in this hostile, hacker-centric environment, Harmony Healthcare IT, a leading and award-winning health data management firm, is ready to lend a hand.

May 12 2020

Ready to learn more?

Contact us today to learn more about our healthcare data management solutions.

First Name *
Last Name *
Email *

Healthcare IT tips, guides, news & more delivered to your inbox

Sign me up