COVID-19: Considerations for Cybersecurity in Healthcare

R. Muru

Summary Bullets:

• Security heads must consider the right options when addressing security gaps in an organization’s IT, with a particular focus on email phishing, ransomware, DDoS, and network breaches.

• Assess vendors that have strong threat management capabilities, wide portfolio coverage encompassing cloud and endpoint security through a platform-centric approach, and flexible commercial pricing arrangements.

The global healthcare sector is being subjected to an array of cyberattacks as it deals with the COVID-19 pandemic. Criminals are attempting to cash in through ransomware and to compromise the integrity of IT systems. Recent examples of cyberattacks that GlobalData has seen include: i) Brno University Hospital in the Czech Republic, one of the country’s COVID-19 testing centers, was struck by ransomware, resulting in the postponement of surgeries; ii) the U.S. Department of Health and Human Services suffered a distributed denial of service (DDoS) attack intended to disrupt the organization’s responses to the COVID-19 pandemic; and iii) increased phishing website hacking attempts on the World Health Organization (WHO) and its partners.

The healthcare sector’s reliance on the Internet as its IT backbone is a key reason it is the subject of cyberattacks. This covers Hospital Information Systems (HIS), which entail Laboratory Information Systems (LIS), Policy and Procedure Management Systems (PPM), Personal Health Records (PHR), Radiology Information Systems (RIS), and, more importantly, email servers. It also covers a number of endpoint devices, including various patient monitoring equipment that connects either to the internet or via legacy dispersed networks that are often unpatched. From an Enterprise Architecture (EA) perspective, tighter integration across the IT environment is positive in that the organization is more agile and has tighter data integration. However, it makes the network vulnerable to cyberattacks such as email phishing, ransomware, DDoS, and network data breaches.

Despite the challenges faced by enterprise IT and security heads in the healthcare sector, in the last two years leaders have demonstrated a desire to take positive steps to increase security measures across enterprise IT and networks. GlobalData is also seeing a greater proportion (5-10%) of the IT budget spent on cybersecurity. However, a number of barriers still exist to providing greater levels of security. These include the rapid emergence of new threats, a lack of security policies across the organization, and the complex configuration of endpoint devices and networks, some of which are within the legacy environment. Against this backdrop, the COVID-19 pandemic has created further challenges in the healthcare sector, as IT business units have been forced to prioritize IT budgets and focus on business continuity in running IT under the new norm. However, organizations in the healthcare sector should not be complacent: they must consider options to address the security gaps that currently exist in their IT healthcare ecosystem and look for early wins, particularly across:

• Workstations and servers
• Healthcare networks, particularly legacy systems
• Remote working (securing DNS and multi-factor authentication)
• Endpoint devices (endpoint detection protection and response)
• Security policies and procedures
• HIS, including PHR

In response to the challenges the healthcare sector faces, cybersecurity providers continue to sell on i) increased defenses and resiliency for email servers, ii) cloud connectivity and security across a Software as a Service (SaaS) environment, iii) remote working (endpoint devices), and iv) reinforcing best practice policies and procedures. The table below outlines some of the recent initiatives and activities by vendors in the marketplace addressing the security concerns highlighted above:

No. | Vendor | Initiative
1 | Microsoft | Protection of critical healthcare services from ransomware (REvil) through Microsoft threat protection services (Microsoft Defender ATP, Office 365 ATP, and Azure ATP), particularly for remote working environments.
2 | | Providing perimeter security to NHS UK through the use of Palo Alto Networks and Imperva platforms.
3 | Orange Cyberdefense | Increased monitoring of attacks by Orange Cyberdefense Malware Epidemiology Lab in healthcare, covering attacks on pharmaceutical companies.
4 | Palo Alto Networks | Cloud Access Security Broker (CASB) platform securing native security controls for Microsoft Office 365 environment and other SaaS in Healthcare, using i) next generation firewalls on premises or ii) Aperture SaaS security service.
5 | GE Health | Launching its Skeye offering in February 2020, a managed solution providing management, security, and integration of devices on the healthcare network through a dedicated security operations center (SOC).

As cybersecurity vendors continue to reinforce their marketing messaging regarding the steps enterprises should take to address security in the COVID-19 pandemic and articulate how their portfolio adds value, enterprise IT and security heads should further evaluate vendors on:

• Performance of threat protection capabilities, particularly across email servers (phishing and ransomware).

• Breadth of portfolio coverage in addressing cloud and endpoint security through a platform-centric approach.

• Flexible commercial arrangements offering free extensions on licensing and further discounted pricing structures/tradeoffs on large network replacement deals.
