While COVID-19 has proven the healthcare industry’s overall resilience, it has also increased its cybersecurity risk with new and emerging threats.
The rapid adoption and onboarding of telehealth vendors led to a significantly increased digital footprint, attack surface, and cybersecurity risk for both provider and patient data, a new report released by SecurityScorecard and DarkOwl has shown.
Telehealth use is booming, and so is the associated cybersecurity risk
According to a brief from the U.S. Department of Health and Human Services, at the height of the pandemic, the number of telehealth primary care visits increased 350-fold from pre-pandemic levels.
Researchers focused the 2020 healthcare report on reviewing the 148 most-used telehealth vendors according to Becker’s Hospital Review. The report indicates that telehealth providers have experienced a nearly exponential increase in targeted attacks as popularity skyrocketed, including a 30% increase of cybersecurity findings per domain, notably:
- 117% increase in IP reputation security alerts
- Malware infections — as part of successful phishing attempts and other attack vectors — ultimately cause IP reputation finding issues
65% increase in patching cadence findings
- Patching cadence is the regularity of installing security patches and is often one of the primary security policies that protect data
56% increase in endpoint security findings
- Exploited vulnerabilities in endpoint security enable data theft
16% increase in application security findings
- Patients connect with telehealth providers using web-based applications including structured and unstructured data
42% increase in FTP issues
- FTP is an insecure network protocol that enables information to travel between a client and a server on a network
27% increase in RDP issues
- RDP is a protocol that allows for remote connections, which has seen increased usage since the widespread adoption of remote work
Evidence on the dark web
Additionally, DarkOwl’s research showed a noticeable increase in mentions of major healthcare and telehealth companies across the dark web since February 2020. There was evidence of prolific and emerging threat actors selling electronic patient healthcare data, malware toolkits that specifically target telehealth technologies, and strains of ransomware that are uniquely configured to take down healthcare IT infrastructure.
Over the past four years, SecurityScorecard has reported on the cybersecurity struggles the healthcare industry faces. In this year’s report, SecurityScorecard and DarkOwl looked at over one million organizations – over 30,000 in healthcare alone – from September 2019 to April 2020 and analyzed terabytes of information to assess risk across 10 factors.
The healthcare industry, despite new risks from telehealth vendors, slightly improved its security posture compared to 2019. The industry moved to 9th place out of 18 reviewed industries (up from 10th in 2019.) This is heartening, especially as the industry has been overwhelmed by an influx of patients, limited resources, rationing, and other challenges due to COVID-19.
“While telehealth is an integral part of maintaining social distancing and providing patient care, it has also increased healthcare providers’ digital footprint and attack surface, which we see with the increase of findings per telehealth domain, and in factors like endpoint security,” said Sam Kassoumeh, COO and co-founder of SecurityScorecard. “It’s an indicator that healthcare organizations should continue to keep a focus on cyber resilience.”
Mark Turnage, CEO of DarkOwl adds, “Since the onset of the pandemic, cybercriminals are entering the healthcare data selling space which ultimately leads to new risks facing healthcare organizations and their IT supply stream. Threat protection teams must remain one step ahead of potential attackers, especially during this critical time.”