As the Covid-19 pandemic continues, the pressure on healthcare services has not only increased physically, but digitally. Healthcare organisations from hospitals to data centres holding sensitive patient information to medical agencies must ensure that they not only maintain strong cybersecurity postures, but that they patch and correct any small flaws in their security policies that could potentially be exploited.
A December cyberattack on the European Medical Agency (EMA) stemming from a third-party which resulted in the theft of a variety of documents relating to the Pfizer/BioNTech underscores this point. The documents have since been leaked, and a perpetrator has yet to be named. The EMA has been upfront about the attack and their subsequent cooperation with investigative forces, as well as with their renewed security policies.
A cyberattack in a German hospital in September 2020 that led to a patient’s death also highlights the potential severity and gravity of these hacks.
With attack surfaces continuously developing and expanding – especially as Covid-19 increases the need for remote working – cyber criminals are as active as ever, looking for any weaknesses to gain access into an organisation. Often, these gaps in security can be found in third parties or supply chains, as smaller organisations may not devote the same amount of resources to cybersecurity, which can ultimately lead to significant attacks.
Therefore, organisations must have a better ongoing understanding of their attack surface, the cybersecurity posture of their third parties and suppliers and alerts to new threats. Digital risk management tools such as CyDesk can help security teams visualise their risk and cybersecurity status, trawling through and analysing data from a variety of sources for accurate and up-to-date information.
With the Covid-19 pandemic set to continue as countries rush to vaccinate their populations, healthcare organisations are likely to be under pressure for the foreseeable future. But, armed with accurate data and the ability to quickly amend cybersecurity gaps, hopefully they can defend themselves against costly and dangerous cyberattacks.