Cybercriminals Target Healthcare Institutions Amid COVID-19 Pandemic

Laptop and Stethoscope showing inside Healthcare Institution

Cybersecurity is an increasingly significant threat to companies worldwide, especially those within the healthcare industry. Since 2009 the number of reported data breaches has increased each year. The number of patient records breached each year ranges from the millions to the tens of millions.

These cybercrimes have not slowed down amid the COVID-19 pandemic and are on the rise. Inter-governmental law enforcement organization INTERPOL has issued a warning to the organizations at the forefront of fighting the coronavirus outbreak to be especially vigilant of cybercrime activity, as they are now being targeted for ransomware attacks.

According to 24×7 magazine, INTERPOL’s Cybercrime Threat Response team has detected a significant increase in the number of attempted ransomware attacks targeting organizations and infrastructure that are key players in the virus response. These attacks, when successful, use ransomware to hold hospitals and medical services digitally hostage, barring access to vital files and systems until a ransom is paid.

Though the threat may seem invisible, there are key steps and preventative actions that can be taken to help reduce the risk of attacks by minimizing breach opportunities.

1. Recognize Human Error Possibilities

Human error is the number one cause of cybersecurity breaches. Hospitals and healthcare organizations should establish a standardized cybersecurity policy or commit to enforcing existing policies. This does not just apply to lower and middle staff; according to the HIPAA Journals, 61 percent of firms found that senior-level executives were potential security issues.

2. Tighten Employee Practices

Employee negligence when handling patient information has also been cited as a significant issue. No matter how well security protocol is followed, it just takes one misstep or moment of negligence to create an opportunity for cybercriminals and compromise sensitive patient data.

3. Prioritizing Patient Security

COVID-19 has also placed a significant strain on hospitals and healthcare facilities and finding a way to secure complex digital systems amidst a pandemic may be low on the list of priorities for many institutions. Keep in mind that increased digital vulnerability resulting from COVID-19 response is what cybercriminals are counting on. Having sensitive patient data and facility documents ransomed in a cyberattack could have monumental consequences and compromise your institution’s full COVID-19 response capabilities.

If you need help developing or implementing cybersecurity protocols or systems, contact InterMed today about our Medical Device Profile (MDP) services at Our MDP services for Cyber Security is a boots-on-the-ground Jump Team™ Program utilized to capture the critical data needed to perform the initial device profiling of all the healthcare entity’s equipment. MDP is the critical first step in developing all variations of data defense strategies by identifying the risk points and vulnerabilities of the housing of the device electronic Patient Health Information (PHI).