Zero Trust

"Cyber criminals will use a time of crisis to cover some of their actions in a very opportunistic way. And so we try to track and match our operations and vigilance to that."

Covered entities and their cloud-service providers both have jobs to do when it comes to protecting hosted patient data – and have to strike a balance deciding who does what.

Intelligence agencies, security firms and Big Tech giants and all ringing alarm bells over the growing threat from cybercriminals in the wake of the global COVID-19 pandemic – with ransomware attacks, opportunistic phishing threats and other malicious activities all threatening healthcare organizations worldwide. Scams by so-called gray-marketers for personal protective equipment have been increasing steadily as healthcare professionals face shortages of critical supplies. The FBI has issued a warning about Kwampirs malware targeting supply chains including the healthcare industry – Kwampirs is a backdoor Trojan that grants remote computer access to attackers. "One of the reasons for this increased risk to the supply chain and the healthcare sector is a rise in the number of people who are now working from home because of the COVID-19 pandemic," Elad Shapira, head of research for third-party security-management-automation specialist Panorays, wrote in a research note. "As a result, companies now face technology risks such as unmanaged devices, shadow IT and insecure access, along with human risks like increased phishing attempts." Meanwhile, Microsoft is warning hospitals to watch out for sophisticated ransomware attacks that could target them through their VPNs and other network devices. The company has already sent targeted notifications to dozens of at-risk hospitals. In particular, Microsoft singled out the ransomware campaign REvil (also known as Sodinokibi), which actively exploits gateway and VPN vulnerabilities to gain a foothold in target organizations. Following a successful exploitation, attackers can then steal credentials, elevate their privileges and move laterally across compromised networks, installing ransomware or other malware payloads. Critical infrastructure systems in hospitals are particularly threatened by ransomware, which can be locked up by malicious actors and only unlocked following hefty payments. Cybercriminals are also exploiting the crisis by selling Chloroquine, COVID-19 test kits and respirators for astronomical prices, reported a cybersecurity software provider, a finding that mirrored recent advisories from European law enforcement agency Europol. The firm found underground vendors offering surgical masks and N95 respirators for a 400% to 500% markup, and others selling prescriptions of Chloroquine plus Azithromycin for $500 to $1,000, which for a 30-day, 250 mg. prescription would normally run between $111 and $165. The World Health Organization has reportedly seen attempted cyberattacks double since the onset of the COVID-19 crisis, and a vaccine-testing facility has also been targeted with ransomware. As healthcare organizations battle the pandemic, they're also facing heightened cybersecurity threats from malicious actors looking to take advantage of the crisis caused by the outbreak. Nathan Eddy is a healthcare and technology freelancer based in Berlin. Email the writer: nathaneddy@gmail.com Twitter: @dropdeaded209

"Zero trust flips the security model: Instead of 'trust but verify,' organizations 'always verify but never trust,'" one security expert explains.

As state and federal legislation in the US and elsewhere tries to catch up with the digital health economy, the patient at the center of that economy might struggle to know just how private their data actually is.

"SweynTooth" impacts several microchip and medical device manufacturers, and could allow bad actors to wirelessly crash or access these products, according to the agency.

Cybersecurity experts warn healthcare organizations not to pay up for fear of more attacks, but some provider organizations had no choice last year.