Cybercrimes are certainly capitalizing on the COVID-19 pandemic with an onslaught of scams that prey on fear, uncertainty and doubt. Not that I’m surprised, but there are no ethical boundaries for these criminals. In fact, often times the opportunistic time to strike is during a period of uncertainty like the one we are in now.
And this scenario is playing out…
- March 11: Champaign-Urban Health District had a malware attack just as it was preparing for their COVID response.
- March 15: Health and Human Services Department (HHS) was targeted with a Distributed Denial of Service (DDoS) attack.
- March 25: Attack on home and small-office routers directs users to spoofed COVID-19 informational sites in an attempt to install password stealing malware is announced.
- In numerous instances, The World Health Organization has been spoofed by look-alike websites spreading false information and inducing additional fear.
If you have spoken to me or any of my colleagues at TRUE, you will know that one of our core pillars is “Security is a Team Sport.” Meaning that we are all in this together, from user to system administrator to auditor. It takes coordination from vendors, partners, and at the end of the day good IT and Security management skills. A great example is a recent Twitter account I came across. The feed Cyber Volunteers 19 (@Cv19Cyber) is comprised of likeminded cyber security professionals that have come together to combat these cyber challenges.
Cliché, but still very much TRUE–we are in this together. We must respond as a team.
Difficult Times Call for Innovation
Technologists and Health Tech companies are certainly doing their part, being solid team members for a world in need right now. In fact, it seems more people than ever are looking for ways to leverage technology creatively to help solve problems stemming from this pandemic– who knows what incredible inventions we may see. The one thing that threatens to slow that down is the concern over security risks in connected technology. With so many attacks capitalizing on fear and vulnerabilities right now, I worry we will see a return to people’s fear of technology. ••••
Cybersecurity and Compliance: Inhibitor or Business Enabler?
What frustrates me more than anything is this notion some people hold that cybersecurity and compliance inhibit technology innovation. While my passion and expertise are in cybersecurity and compliance, let’s be clear, I am a technologist! I love technology and how it can improve our world. I’m also a realist, in that anything that can be used for good can also be used for evil– meaning what brings care can also be an avenue for attack. But that doesn’t mean we should step back from the challenge. It seems like people’s Fear, Uncertainty, and Doubt (FUD) around cybersecurity or compliance challenges sometimes kills innovation, and they should not. One thing I have learned over the years is that change is hard, especially in areas that are not our strengths… and while some might have strengths in health tech, they may not be as familiar with the intricacies of cybersecurity and compliance requirements. Rather than embrace the challenge and learn how to incorporate security and compliance from day one, as a way to protect and even enable business, some people just back away–and that’s a shame. Our world can’t really afford that kind of fear right now. We need courage, experimentation, thought leadership.
Healthcare Technology May Have the Answers We Need
With the growing number of COVID-19 patients in our communities, doctors, urgent care facilities, and especially hospitals are desperate for any way possible to help them diagnose and treat cases in the fastest, safest, most effective ways possible. There is another, potentially greater concern, though. How can they protect the well-being of patients who need treatment for other conditions, and all the caregivers who are being taxed by this pandemic, without spreading the disease to those groups? A naval hospital ship is very helpful in one state, but can that be realistically replicated across the nation as a way to segment? If ever there has been a time for Health Tech to step up, this is it.
Don’t Back Away from the Challenge
Don’t be afraid of cybersecurity and compliance challenges. BUT at the same time, don’t ignore them, either. Just work together with someone on your team, or a partner, who understands how to make it simple, incorporate security and compliance controls into the technology from the beginning, because these are most certainly real concerns that must be addressed directly. Remember, it’s a team sport. For start-ups, this may be challenging because that MVP (minimal viable product) doesn’t account for all the nuances that security requires. For more mature start-ups/early stage companies, this is realized through vendor questionnaires and SOC2 requests. For established entities, it becomes an efficiency/effectiveness ROI question. Certainly, the risk goes up as your business scales, and so too must your response.
Build the Right Team
The reality is that even before the COVID-19 outbreak, health tech was already struggling to keep up with the security risks associated with rapid growth. Now, when we need all those remotely governed home infusion machines, application-based diagnostic tools, at-home respirators and apnea machines more than ever, the industry needs a doubled effort in cyber security program management. If you have the resources internally, seek out experts who will be able to identify the gap and who intimately understand the nuances of companies at different stages of growth– particularly in a regulated industry.
If you would like help securing your remote workforce in the meantime, check out our recent webinar for some immediate guidance. TRUE experts break down some easy to implement security steps that will support you right away.
You can even watch from the comfort of your new home office: https://attendee.gotowebinar.com/recording/3910721373246260737
True Digital Security is an end-to-end provider of security, compliance, and IT-cloud services.