The coronavirus has had a significant impact on many aspects of life. Many people have started to use technology they had not previously used for everyday activities. This has led to an increase in global cyberattacks. The FBI reported that so far this year, it has received 20,000 reports of cyberthreats related to COVID-19. Additionally, the UN has found a 600% increase in phishing emails. To assist in preventing further attacks, COVID-19 cybersecurity is discussed below.
COVID 19 Cybersecurity: The Healthcare Industry
The healthcare industry has seen a drastic increase in phishing attacks since the beginning of the pandemic, as hackers target healthcare workers with emails containing malicious links. Early on, there were reports that hackers were using fake COVID-19 maps to lure users into clicking on the map to see where the virus was spreading. Hackers were also impersonating the World Health Organization (WHO) and the Centers for Disease Control (CDC) in phishing emails to trick recipients into clicking on malicious links that falsely claimed to have updated information on the virus.
One of the main reasons so many healthcare workers are falling victim to these phishing scams is a lack of cybersecurity awareness and education, specifically in the areas of regulation and policy, and of training.
COVID 19 Cybersecurity: Awareness and Training
A recent report surveyed healthcare workers and found that 32% of respondents had never received cybersecurity training, and 34% did not know what their organization’s cybersecurity policies were. In addition, 18% of respondents were not aware of the requirements of the HIPAA Security Rule.
The results of the report were concerning, to say the least. COVID-19 cybersecurity requires employees to undergo training to prevent phishing attacks.
Employees should be trained in the following areas:
◈ Policies and Procedures. Healthcare organizations are required to implement policies and procedures in line with the HIPAA Security, Privacy, and Breach Notification Rules. Employees must be trained annually to ensure that policies and procedures are adhered to.
◈ HIPAA Basics. Employees are also required to be trained annually on HIPAA basics. It is clear from the study that staff at many healthcare organizations are not adequately trained, as so many respondents were not aware of the HIPAA Security Rule. Employees who are not aware of HIPAA basics cannot reasonably comply with its standards.
◈ Cybersecurity. A key preventive measure to avoid falling victim to a phishing attempt is the ability to recognize phishing emails. Phishing emails can often be convincing because they impersonate a trusted entity (e.g., WHO, CDC) and prompt users to click on a malicious link. However, there are common indicators that an email is a phishing email. These include spelling errors in an email address, poorly written emails, and emails asking recipients for sensitive information (e.g., login credentials, Social Security numbers).
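Two of the indicators listed above (a misspelled sender address and a request for sensitive information) can also be checked automatically before a message reaches staff. The following is an added example, not part of the original article; the trusted-domain list, the phrase list, the edit-distance threshold and the sample messages are assumptions made for illustration.

```python
import re
from email.utils import parseaddr

# Assumption: the organisations named above and their real mail domains.
TRUSTED_DOMAINS = ("who.int", "cdc.gov")
# Assumption: a small, illustrative set of phrases for sensitive-data requests.
SENSITIVE_REQUEST = re.compile(
    r"\b(password|login credentials?|social security number|ssn)\b", re.I)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance via the classic two-row dynamic programme."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # deletion
                           cur[j - 1] + 1,             # insertion
                           prev[j - 1] + (ca != cb)))  # substitution
        prev = cur
    return prev[-1]


def phishing_indicators(from_header: str, body: str) -> list[str]:
    """Return the indicators found in one message (empty list = none)."""
    findings = []
    _, address = parseaddr(from_header)
    domain = address.rpartition("@")[2].lower()
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    if domain and not trusted:
        for d in TRUSTED_DOMAINS:
            # One or two character edits away from a trusted domain: likely typosquat.
            if edit_distance(domain, d) <= 2:
                findings.append(f"lookalike sender domain: {domain} (resembles {d})")
    match = SENSITIVE_REQUEST.search(body)
    if match:
        findings.append(f"asks for sensitive information: {match.group(0).lower()}")
    return findings


# Constructed sample messages (not real mail).
SAMPLES = [
    ("WHO Alerts <updates@wh0.int>", "Confirm your login credentials to view the map."),
    ("CDC <notices@cdc.gov>", "Updated guidance is posted on our website."),
]

if __name__ == "__main__":
    for sender, text in SAMPLES:
        print(sender, "->", phishing_indicators(sender, text) or "no indicators")
```

A finding here is a prompt for a closer look, not a verdict: short unrelated domains can fall within the distance threshold, and the third indicator, poor writing, is left to the trained reader.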