, ,

How the Delta Variant Will Strain Healthcare Security

November 22, 2021 • Shannon Flynn


Healthcare has felt the historic impact of the COVID-19 pandemic more intensely than any other industry. What the case data and vaccination rates do not reveal is the cyber pandemic that has coincided with the biological one. With the emergence of the highly contagious delta variant, healthcare security remains under threat.

How Did the Pandemic Affect Cybersecurity?

One of the biggest changes to daily life sparked by the COVID-19 pandemic has been the standardization of work from home. With lockdowns required to contain the spread of the virus early on, most businesses had no choice but to move operations out of the office and into employees’ homes.

While working from home came with both stresses and comforts for employees, it has posed massive security risks for organizations, especially healthcare providers.

In the office, data is protected on secure servers and company-issued computers. Not all employees have secure Wi-Fi, however, and many lack proper security software on their personal devices. People with weak security software are often unaware of the risk or may not be able to afford better software.

As a result, hackers have been able to gain access to all manner of sensitive information through the weakened defenses of personal computers and internet connections. This often comes in the form of phishing emails, but hackers can also get to files through unprotected Wi-Fi networks.

The sudden move to work from home left organizations all over the world scrambling to properly equip, educate, and train their employees on how to protect their technology. This process was far more strained for healthcare providers, who were already under immense pressure from the COVID-19 virus itself. The longer work from home continues, the more persistent the risk of cybersecurity breaches will be.

How Will the Delta Variant Affect Healthcare Security?

While cases of COVID-19 in the U.S. have decreased overall since November 2020, data from the CDC has shown that cases have gone back up dramatically since June 2021. This spike has been largely attributed to the delta variant. Despite the success of vaccines in decreasing the risk of severe infection from COVID-19, the pandemic goes on.

COVID-19 has forced some industries, like the pharmaceutical industry, to evolve their security measures just to keep up. However, not all employers and healthcare providers are taking the steps required to fortify their customers and patients against this new wave of the pandemic. This is evident in the continued reports of cybersecurity breaches in the healthcare industry.

Since the COVID-19 virus will continue evolving as long as it can spread, thus creating even more dangerous forms of the delta variant, working from home remains just as important as ever. The need for telehealth services will continue, with millions of patients putting their trust in healthcare providers to protect their information.

Plus, with the delta variant causing more people to get sick, medical staff will need to share more patient records among themselves. Sharing that information virtually is often a necessity, even at in-person appointments. As long as widespread working from home is necessary — which will be the case until we halt the spread of the delta variant — healthcare security will be a major priority.

What Can Healthcare Providers Do?

Healthcare providers face a greater challenge than ever before in protecting their data from hackers. There are several steps that IT departments can take to secure their organization and its patients.

1. Solidifying Backups

Creating backups of important files is a standard practice in cybersecurity, but the present circumstances elevate the need to do so. Backups should be secured with encryption appropriate to the sensitivity of the content, and CISOs and risk managers may want to store copies of backups in multiple locations.

2. Establishing VPNs for Home Offices

Supplying remote workers with VPNs is one of the easiest ways to make home offices more secure. While VPNs may not be foolproof, they can create an extra barrier against attacks and provide more privacy for employee data.

3. Implementing Multi-Factor Authentication (MFA)

While IT departments may already have MFA set up for certain sectors of their organization, it should become standard across the entire network while work-from-home remains in place. This is a valuable piece of a secure intrusion-prevention system and will ensure hackers aren’t able to get away with any login-page attacks.

4. Conducting Regular Penetration Testing (PT)

Increasing the frequency of penetration testing is important for ensuring network intrusion-detection systems and security measures stay consistently strong. The slightest gap in defenses could be exploited, and organizations are much safer attacking their own systems and finding those weaknesses before hackers can. It is critical to cover plenty of ground with PT procedures, as well. INTERPOL has identified several major types of threats on the rise since the onset of the pandemic, some of which may not have been included in organizations’ PT operations in the past.

5. Utilizing Secure Cloud-Based Networking

If secured thoroughly, cloud-based solutions are often ideal in a spread-out, work-from-home setting. Using the cloud is fine, as long as IT teams take the time to screen the services employees want to use and construct strong multi-factor authentication systems surrounding them.

6. Practicing IR and DR Plans

Incident response (IR) and disaster recovery (DR) plans are crucial under the best of circumstances, but they will require extensive attention to prepare for the cyber pandemic underway. CISOs should closely monitor the state of cybersecurity in their industry, keeping an eye out for trends or consistencies between attacks. IR/DR plans need to be robust and comprehensive, with preparations for breaches of any scale, including types of attacks that may seem abnormal or unlikely. Leave no stone unturned nor any potential threat unaccounted for.

7. Educating Employees on Cyber Threats

The final, but arguably most important, step is to offer employees the tools and knowledge to prevent cybersecurity risks. One of the fastest-rising types of threats is phishing attacks. Whether it takes the form of a malicious email or fraudulent text message, phishing attacks compromise organizations by going after individuals. Educating employees on identifying suspicious content and the ways in which they can secure their data will go a long way toward minimizing breaches through personal networks and devices.

Building Cyber Resiliency

The COVID-19 pandemic has strained virtually every industry on the globe with threats virtual and physical alike. The same technology used to attack healthcare organizations can be put to use defending them, though, just as COVID-19 itself was used to build a vaccine against it. The biological pandemic relies on individuals and organizations alike to step up to protect one another, and the cyber pandemic calls on that same resilience to inoculate the world against cyberattacks.