Electronic Health Reporter

The coronavirus pandemic has impacted us profoundly as most nonessential businesses stay closed, and the nations worldwide stay indoors. The hospital staff is under tremendous stress, and all non-critical medical treatments and procedures are on hold until further notice. The pandemic has halted all industrial activity, and the medical field, the frontline warrior against the virus, has been disrupted the most.

Sadly, whether an opportunistic trend or organized crime, critical situations have always given criminals a favorable moment to strike. Owing to their large payouts and increased public interest in it, medical facilities have emerged as a prime target.

Healthcare: A target of organized fraud

While the health sector has always been a dominant area in case of fraud, the situation intensified after the COVID-19 outbreak. One of the biggest battles that the medical facilities needed and still need to combat is the trafficking of substandard and falsified medical products. These items usually included hand sanitizers, test kits, face masks, and other medical equipment. As the demand for such products spiked, criminal activities attempt to take advantage of the public health system’s capacities. 

Besides this major threat, healthcare facilities need to prepare their infrastructure for various cyberattacks. The COVID-19 lowered the resistance of many facilities. INTERPOL reports a significant increase in the number of ransomware attacks against companies and organizations that battle the COVID-19 crisis.

Ransomware virus is one of the deadliest infections as it is capable of stealing or encrypting medical data. Then, if facilities want to retrieve the decryption key or prevent the data from being disclosed publicly, they need to pay large ransoms. During this situation, when hospital staff needs to have access to medical records and patient histories, losing all this confidential data can lead to death. Hence, hospitals need to consider whether their infrastructure is capable of resisting a ransomware infection. One of the options is to perform frequent penetration tests. They help organizations discover their weak points and evaluate the resistance against cyberattacks.

Higher risk of medical supplies being stolen

Medical equipment, like N95 masks and PPE kits, are in high demand now. This situation is a fertile ground for thieves who look for any opportunities to make some money. In March, the state of South Carolina registered a case where Nitrile gloves being carried on a truck were stolen in broad daylight. Again, the Oregon police counted 20 cases when N95 masks were stolen. These were to be sold online. Thieves have openly targeted research labs and hospitals to loot these items as well.

Attempts to exploit Medicaid and Medicare beneficiaries

Senior citizens are always more vulnerable to fraudsters. There have already been FBI reports of a spike in scams taking advantage of the pandemic. Incidents of fake tests for COVID-19 being sold and questionable treatment being offered have occurred. The victims have had to share their insurance or Medicaid or Medicare numbers information. Such information has been used for illegitimate billing services provided through dubious healthcare programs or by private insurers.

How do you protect yourself?

Hospitals, clinics, and other medical facilities must take a comprehensive approach to this menace. An effective defense is needed as criminal activities have been found to spread across states. This includes using fraud detection tools and accessing insights that monitor fraud trends.

Medical facilities can take various protective measures to prevent falling prey to COVID-19 scams. Here are some effective preventive technology controls that can save the day for hospitals and clinics.

• Arrange protection for remote access to critical IT infrastructure. User-ID access should also be restricted. There should be no direct connections on servers that come from outside the facility. Set alerts and arrange to monitor the server and network performance.
• Limit and log the use of remote access giving applications. Change passwords when prompted. For critical IT assets, implement two-factor authentication.
• Regular updates of antivirus programs are a must. It’s better to stay clear of freeware as they might contain malware.
• Without the facility authorizing it, public file-sharing websites should be avoided.
• Access the internet only through secure Wi-Fi hotspots and broadband connections. Available data shows that nearly 471 million records were exposed in 2018 in the US. Therefore, we strongly suggest that connections to the internet be made using a Virtual Private Network (VPN). It helps prevent hacking.
• Patients can do their part as well. When accessing certain websites or submitting confidential information, remember to make your connection secure. Atlas VPN protection can prevent hackers or other suspicious sources from monitoring your activity. It encrypts all web traffic and guarantees that it travels through the internet safely. So, with such a tool installed, you can freely access all your accounts without the fear of being tracked.

Medical facilities must set up a standard operating procedure for accessing critical patient data stored on secure servers. All the clinical staff and IT team members must skill up to dodge hacking attacks and prevent critical data theft. Caution should be the ‘mantra’ to prevent fraudsters from having a free run, especially with the number of incidents in the US on the rise.