The health care industry has long been a primary target of malicious cybercriminals, but since the emergence of COVID-19, organizations on the front lines of fighting the pandemic have experienced a rise in cybersecurity incidents and attacks. Between February and June of 2020, HIPAA-covered entities reported 192 large scale data breaches to the US Department of Health and Human Services, Office of Civil Rights (OCR) – more than twice as many as were reported during the same period in 2019.1
While the types of cyber threats health care organizations have encountered during the COVID-19 pandemic are not wholly original, factors including the rapid shift to remote work, the expansion of telehealth and the strain on resources experienced by many organizations, have combined to create new security vulnerabilities and challenges. For example, in recent months, some health care organizations may have temporarily relaxed firewall rules to facilitate additional work-from-home capabilities, short-circuited vendor diligence or contracting protocols in order to rapidly deploy or expand telehealth capabilities, or quickly erected temporary medical facilities in parking lots…