By Devin Partida, technology writer and the editor-in-chief, ReHack.com.
Devin Partida
Many aspects of modern health care are increasingly dependent on IT professionals. Here are five challenges those experts are likely to encounter this year and some potential solutions.
1. Addressing the IT Needs of Rural Facilities
Many modern hospital processes require the internet. However, many hospitals are not in areas known for reliable internet access. These are typically rural facilities that often lack large IT teams.
However, these medical centers play substantial roles in the surrounding areas. Estimates suggest that rural communities account for 20% of the United States’ population. Hospitals are often among the primary places of employment for residents there.
Some IT obstacles at rural facilities relate to communication silos. However, a clinical mobility assessment could break down some of the barriers between IT professionals and clinicians. Moreover, investing in managed services can relieve the burdens at hospitals without large IT teams.
2. Coping With Too Many COVID-19 Vaccine Passport Standards
With COVID-19 vaccination programs rolling out in many countries, merely getting the appropriate number of shots is insufficient. People must also prove they did so. For now, they usually have paper vaccine cards with handwritten details.
However, several companies are working on digital vaccine passports. Those could prove vital for helping vaccinated individuals attend a concert or sporting event, travel abroad, or even dine in a restaurant.
People with knowledge of the matter say a primary issue is that there are currently four standards used for these projects and no sign of world leaders agreeing to stick with just one.
A related matter is that the United States alone has dozens of public vaccination databases. Implementing a system where a passport app could retrieve information from all of them requires one standard.
It’s also not clear whether people will need different vaccination apps depending on their desired activities. Since so many details remain unknown, the best thing for health IT professionals to do now is stay abreast of progress and consider how developments could affect their work.
By Luke Wilson, vice president of intelligence, 4iQ.
Luke Wilson
In the wake of COVID-19, my firm, 4iQ, observed an increase in a host of cyber-attacks. This uptick did not come as a surprise, given cybercriminals typically exploit uncertain situations, but it was a wake-up call for organizations that were in the midst of transitioning to full-time remote work.
As the country begins to reopen, we cannot let our guards down – from preventing the spread of this pandemic, or from persistent cybercriminals.
Phishing campaigns were well-documented over these past few months. Scammers spoofed credible institutions, such as the World Health Organization (WHO) and Centers for Disease Control and Prevention (CDC) to lure victims into downloading malware or to capture personal or financial information.
These incidents were so widespread that government agencies, including the CDC, Federal Communications Commission (FCC), and Federal Trade Commission (FTC) published resources on these COVID-19-related scams to alert the public and offer tips on how to spot suspicious activity. Individuals were also at risk of having their identities spoofed, not just organizations.
Cybercriminals leveraged the accounts of executives with public-facing email accounts, usually via keyloggers or phishing attacks, to conduct fraudulent wire transfer payments.
As COVID-19 continued to spread, so did the number of registered suspicious coronavirus-themed domains. We analyzed over 2,400 domain names with COVID-19 themes and found that the most common terms were “virus,” “coronavirus,” and “corona.”
We also saw particular interest in protection gear, test kits, vaccines, and domains that tracked reported coronavirus cases as well as the status of the infected and cured. While some of these sites might have been legitimate, many were scams to distribute malware, inflict financial fraud, or trick victims into purchasing fraudulent COVID-19-related products, such as “vaccines,” which haven’t been evaluated by regulators for safety and effectiveness.
The threat of ransomware being used as a highly effective form of cyber terrorism has been receiving a lot of media attention lately. The story line stems from a recent Lloyds of London report that boldly states a large-scale ransomware attack could cost the global economy $193 billion and impact more than 600,000 businesses worldwide.
The report further speculates that if coordinated and executed properly, a global attack like WannaCry could cause even more severe damage and cost companies significantly more when you factor in all the business disruption and recovery related costs that would follow in the wake of a wide-scale attack.
With doomsday projections like these, it’s easy for people to become numb to the associated cyber security risks. Yet security professionals must always remain objective when assessing the scope of a threat versus the cost of implementing security measures to arrive at a risk-based recommendation.
What is ransomware terrorism?
Terrorism is broadly defined as the use or threat of violence that aims to spread fear in a population, and to advance a political, ideological or religious cause. Ransomware can be used in this context to disrupt the life of individuals and organizations, which depend on the smooth functioning of information technology to maintain operations.
While historically, the main goal of ransomware has been to extract, or extort, money or other valuable consideration from the affected party. NotPetya made us aware that there is a lot more damage an attacker could do with access to an army of computers spread across the globe than just turning them into bricks.
To prevent or avoid the consequences of an attack of terrorism, the defenders must effectively repel every single attempt to perpetrate the crime. Ultimately, the attackers only need to overcome the defenses once in any given situation to prevail.
Exploring the potential impacts of ransomware terrorism
In the proposed scenarios created by the Cyber Risk Management (CyRiM) project and Cambridge Centre for Risk Studies (CCRS), put forth in the report called, “Bashe Attack: Global infection by contagious malware,” a ransomware terrorist attack could be launched through an infected email, which once opened would be forwarded to all stored contacts.
Then within 24 hours, the malware could encrypt all data on 30 million devices worldwide. In the worst case scenario of the event, even the backups would be erased—meaning companies of all sizes would be forced to pay a ransom to decrypt their data or replace their infected devices.
It is easy to conceive that a ransomware attack on this scale would cause substantial economic damage to a wide range of business sectors through reduced productivity and consumption, inaccessible data files, IT clean-up costs, ransom payments and supply chain disruption.
The moral of the story according to Lloyds is that all businesses should pay close attention to systemic risk across all lines of business, not just within the silo of cyber and businesses should buy insurance to help protect against such catastrophic scenarios.
