Throughout the COVID-19 pandemic, hackers have continuously targeted credentials to gain access to enterprise networks, particularly those in healthcare, given the rise in remote care and telework. Here are a few recent examples:
- One hospital in Utah reported its third phishing-related data breach this year, affecting 10,000 patients
- One third-party vendor was infected with malware impacting 274k patients
- Another notified 786 patients of a breach after multiple employee email accounts were hacked
These are only the more recent breaches; the list goes on and on, and is only expected to continue. Healthcare organizations can make changes to how they prioritize security in our new remote landscape and decrease the potential for a breach.
Where are the Risks Coming From?
The number one risk affecting healthcare organizations is phishing. In short, phishing is an attempt to obtain sensitive information like usernames and passwords. A hacker typically poses as a seemingly trustworthy entity in an email or text message to gain that information.
How Does Remote Access Jeopardize Security?
When employees are working from home, they’re no longer protected by the same security controls and protocols that their corporate networks provide. Instead, they’re accessing the same sensitive business data from their home Wi-Fi networks. Having your vendors working from home also means your organization loses visibility into how devices have been configured and patched, and whether updates are being maintained.
Just as the pandemic shifted some of your employees to start working remotely, you have to remember that your vendors are probably working from home too.
While some organizations prioritized securing remote access for their vendors, others have been slow to start and need to reassess whether third-party access is making them more vulnerable – especially in today’s landscape.
Overall, the increase in connectivity from both vendors and employees will result in IT teams having to intensify their focus on data privacy to keep an eye out for intrusions from a greater number of entry points.
What’s the Solution for Strengthening Security Standards?
Experts already predict that there’s a high chance that not all employees will return to the office setting. In fact, the “newest normal” will likely be a hybrid scenario where some employees continue to work remotely for the long haul. Security teams will have to find solutions to balance the security needs of both environments.
For starters, transitioning employees back into the office is going to require more than simply adding more sanitizing stations – their devices will need a “cleaning,” too.
It’s been months since employees have been in the office, so you’ll need to be sure their devices are up to standard when it comes to software updates, antivirus and firewalls.
The best way to manage this for your vendors is to put automation in place that runs security checks every time, so you don’t have to worry about where your vendor’s employee is accessing your network from.
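One way such an automated per-session check could look, as an added example that is not from the original article or any product: the report field names, thresholds and sample reports are assumptions constructed for illustration. It evaluates the software-update, antivirus and firewall state mentioned above and fails closed when a value is missing, malformed or stale.

```python
from datetime import datetime, timedelta, timezone

# Assumed policy thresholds (illustrative, not from the article).
LIMITS = [
    ("collected_at", timedelta(minutes=15), "posture report"),
    ("last_os_update", timedelta(days=30), "software updates"),
    ("av_signatures_updated", timedelta(days=7), "antivirus signatures"),
]
REQUIRED_TRUE = [("av_running", "antivirus"), ("firewall_enabled", "firewall")]

def _age(report, field, now):
    """Age of a timezone-aware ISO-8601 timestamp field, or None if unusable."""
    try:
        ts = datetime.fromisoformat(report[field])
    except (KeyError, TypeError, ValueError):
        return None
    return None if ts.tzinfo is None else now - ts

def evaluate_posture(report, now):
    """Return (allowed, failures) for one session's device report."""
    failures = []
    for field, limit, label in LIMITS:
        age = _age(report, field, now)
        if age is None:
            failures.append(f"{label}: missing or invalid '{field}'")
        elif age < timedelta(0):
            failures.append(f"{label}: '{field}' is in the future")
        elif age > limit:
            failures.append(f"{label}: age {age} exceeds limit {limit}")
    for field, label in REQUIRED_TRUE:
        if report.get(field) is not True:  # absent or non-boolean fails closed
            failures.append(f"{label}: not confirmed enabled")
    return (not failures, failures)

# Constructed sample reports, as a hypothetical endpoint agent might send them.
NOW = datetime(2020, 9, 1, 12, 0, tzinfo=timezone.utc)
COMPLIANT = {"collected_at": "2020-09-01T11:55:00+00:00",
             "last_os_update": "2020-08-20T08:00:00+00:00",
             "av_signatures_updated": "2020-08-30T02:00:00+00:00",
             "av_running": True, "firewall_enabled": True}
STALE = {"collected_at": "2020-09-01T11:58:00+00:00",
         "last_os_update": "2020-03-15T08:00:00+00:00",   # months unpatched
         "av_signatures_updated": "2020-08-29T02:00:00+00:00",
         "av_running": True}                              # firewall state absent

if __name__ == "__main__":
    for name, report in (("compliant", COMPLIANT), ("stale", STALE)):
        print(name, evaluate_posture(report, NOW))
```

Running the check at session start rather than at enrollment is what makes the device's location irrelevant: a laptop that fell out of compliance at home is refused until it is brought back up to standard.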
When it comes to phishing attacks, the number one way to safeguard employees and vendors is to implement a multi-factor authentication solution.
This way, even if a hacker gets a username and password, they’d still have to provide an additional form of identification, like a code sent through a text message, before they’re granted access to your systems.
Overall, the best thing a healthcare organization can do is take a proactive approach to their security.
Too often, companies have the “it won’t happen to me” mindset, and when they do experience a breach, they’re scrambling to recover. Instead, prioritize security with ongoing training, update your privacy policies, and do your research to invest in the technology that matches your security standards.
Today’s landscape is new for a lot of us, and if you’re struggling to know where to begin when it comes to securing remote access for your vendors and employees, reach out to our experts – we’re always here to help.