Focusing on privacy and security in the coronavirus new normal

In a recent HIMSS20 Digital presentation, Microsoft M365 Security and Compliance CTO Hemma Prafullchandra warned that bad actors have felt empowered to take advantage of coronavirus fears.

The speed and scale at which healthcare organizations have had to embrace cloud hosting, often without proper due diligence, could lead to lasting risks and vulnerabilities for a much bigger attack surface, according to new report from security vendor Vectra.

The medical school was hit by an opportunistic malware attack on June 1, and the encrypted data was "important to some of the academic work we pursue as a university serving the public good," officials said.

As virtual health deployments scale up and become routine, everyone – vendors, clinicians, patients and compliance officers have a role to play in keeping video and streaming remote monitoring data secure.

A commanding 94% majority of respondents to a new Black Hat survey says the pandemic has increased cybersecurity threats to enterprise systems and data – and many say it will continue to.

As new distributed ledger platforms have emerged, the tech has shown promise for the security of COVID-19 contact tracing, and so has the potential for data siloing.

Two compliance experts discuss how healthcare providers should address protected healthcare information, whether HIPAA needs an update, and how to balance the demands of privacy and data exchange.

In a new investigation by Amnesty International, the two Gulf states and Norway have released apps that reportedly operate as mass surveillance tools.  

More than 40% of survey respondents said they didn't trust any organization to keep their data safe.

The Norwegian Institute of Public Health will delete all collected data and suspend operations to address security concerns.

The 25-bed hospital, which did not pay the ransom, is still working to get full access to files from August 2012 through August 2017.

The error allowed a patient to access video recordings of another patient’s consultation.  

Experts say the coronavirus pandemic acts like "blood in the water" for cybercriminals looking to exploit tech vulnerabilities.

Experts say a functioning system should be based on understanding your workforce, your technology and your employee workload – and it should involve everyone in your organization.

The Exposure Notification Privacy Act requires public health officials to be involved with any exposure notification systems and prohibits commercial use of users' data.

Big transitions can present an opportunity to enact security improvements, but they can also make a complicated process even more complex.

Hackers are taking advantage of provider distraction to breach health systems.

A recent sample of 50 worldwide COVID-19 apps published in Nature Medicine highlights found only 16 that promisted to anonymize, encrypt and secure the data they collect.  

The telemedicine vendor doesn't store patient data, explained founder Brandon Welch, and relies on peer-to-peer video-calling software working inside browsers to minimize potential vulnerabilities.

According to an Amnesty International investigation, personal information, including names, national ID numbers, health status and location data could have been exposed.  

Healthcare IT News staff discuss how security pros are coping with opportunistic attacks. Plus, a recap of the recent HIMSS Digital Webinar featuring HIMSS CEO Hal Wolf and National Coordinator for Health IT Don Rucker.

Phishing is still the number-one cause of breaches, according to the newly released BakerHostetler Data Security Incident Response Report, with ransomware on the rise.

The legislation would forbid companies from using health information for "discriminatory, unrelated or intrusive purposes."

Even as ONC and CMS push for wider patient data sharing, many healthcare consumers are hesitant. The American Medical Association has issued new privacy principles supporting the rights of individuals to control how their health information is used. 

Persistent flaws in the ability to accurately ID and match patient records are hindering two must-haves on the road to reopening: contact tracing and, eventually, vaccine administration.

The HIMSS chief clinical officer says technology can be used more effectively to plan for healthcare provision in a second wave of the pandemic and beyond – and that we should not shy away from a proper discussion about the role data is set to play.

Acronis believes it is likely cybercriminals will target government agencies, healthcare facilities and medical professionals treating patients during the COVID-19 crisis.

Ad hoc COVID-19 medical centers have a unique set of vulnerabilities: They're remote, they sit outside of a defense-in-depth architecture and the very nature of their purpose – care in a time of crisis – means security is a lower priority.

And that's not counting more than 240 million daily spam messages launched at Gmail users that try to capitalize on the coronavirus crisis.

As opportunistic attacks ramp up, the groups offer recommendations for VPNs and cloud-based services, coronavirus-themed phishing emails, telehealth deployments, and medical device security.

"Cyber criminals will use a time of crisis to cover some of their actions in a very opportunistic way. And so we try to track and match our operations and vigilance to that."

While European governments look to digital health technology for ways to speed up their containment strategies, the long-term view is that the COVID-19 emergency will generate new approaches to sharing healthcare data once the pandemic has passed.

The World Health Organization has reportedly seen attempted cyberattacks double since the onset of the COVID-19 crisis, and a vaccine testing facility has also been targeted with ransomware.

Intelligence agencies, security firms and Big Tech giants and all ringing alarm bells over the growing threat from cybercriminals in the wake of the global COVID-19 pandemic – with ransomware attacks, opportunistic phishing threats and other malicious activities all threatening healthcare organizations worldwide. Scams by so-called gray-marketers for personal protective equipment have been increasing steadily as healthcare professionals face shortages of critical supplies. The FBI has issued a warning about Kwampirs malware targeting supply chains including the healthcare industry – Kwampirs is a backdoor Trojan that grants remote computer access to attackers. "One of the reasons for this increased risk to the supply chain and the healthcare sector is a rise in the number of people who are now working from home because of the COVID-19 pandemic," Elad Shapira, head of research for third-party security-management-automation specialist Panorays, wrote in a research note. "As a result, companies now face technology risks such as unmanaged devices, shadow IT and insecure access, along with human risks like increased phishing attempts." Meanwhile, Microsoft is warning hospitals to watch out for sophisticated ransomware attacks that could target them through their VPNs and other network devices. The company has already sent targeted notifications to dozens of at-risk hospitals. In particular, Microsoft singled out the ransomware campaign REvil (also known as Sodinokibi), which actively exploits gateway and VPN vulnerabilities to gain a foothold in target organizations. Following a successful exploitation, attackers can then steal credentials, elevate their privileges and move laterally across compromised networks, installing ransomware or other malware payloads. Critical infrastructure systems in hospitals are particularly threatened by ransomware, which can be locked up by malicious actors and only unlocked following hefty payments. Cybercriminals are also exploiting the crisis by selling Chloroquine, COVID-19 test kits and respirators for astronomical prices, reported a cybersecurity software provider, a finding that mirrored recent advisories from European law enforcement agency Europol. The firm found underground vendors offering surgical masks and N95 respirators for a 400% to 500% markup, and others selling prescriptions of Chloroquine plus Azithromycin for $500 to $1,000, which for a 30-day, 250 mg. prescription would normally run between $111 and $165. The World Health Organization has reportedly seen attempted cyberattacks double since the onset of the COVID-19 crisis, and a vaccine-testing facility has also been targeted with ransomware. As healthcare organizations battle the pandemic, they're also facing heightened cybersecurity threats from malicious actors looking to take advantage of the crisis caused by the outbreak. Nathan Eddy is a healthcare and technology freelancer based in Berlin. Email the writer: nathaneddy@gmail.com Twitter: @dropdeaded209

The hospital has one of the largest COVID-19 testing facilities in the Czech Republic.

The agency was subject to a hacking attempt on Sunday, designed to slow down its COVID-19 pandemic response and sow disinformation, Bloomberg reports.

Cybersecurity firm CynergisTek is using AI to help hospitals detect unauthorized access to electronic health records and prevent breaches caused by coronavirus curiosity.