Network Defence

Spyworm
The Impact of COVID-19 on Cybercrime Trends in Healthcare: A Comparative Study of Healthcare Agencies in Virginia

Objectives

The objectives of the study are to reflect the developing cybercrime trends that have been brought about by the pandemic. The study will also provide strategies that the healthcare sector in Virginia can employ to contain cybercrime, and discuss how the study relates to the master plan of containing cybercrime activities in healthcare centers in Virginia.

Project Plan

Particularly in Virginia, cases of cybercriminals targeting patient portals with the aim of stealing patients’ information have become rampant. Many patients use these portals to access a wide variety of services from their health facilities, and they are unaware of potential scammers who may be targeting them with false ads with the intention of stealing their data. The project will therefore begin by analyzing the top trends that criminals are using to steal data from patients while they access medical services through portals, and then follow the emerging issues within the health sector as the pandemic continues to prevail. The study will then reflect on the strategies the health sector in Virginia can employ to safeguard patient data, and illustrate how this content relates to the master program.

Top Trends of the Cybercrimes in the Healthcare Industry

Internet connectivity is now one of the most widespread methods used in the healthcare industry, and the ways of safeguarding sensitive client information have changed vastly. Historically, health data and client information were paper records that were safeguarded within hospitals, and it took a physical data breach or a misplaced file to affect hundreds to thousands of patients. Today, both health data and sensitive client information are kept in large quantities on a network easily accessible by staff from different locations, which offers various access points for a data breach, potentially affecting millions of patients. Much of this sensitive information can be accessed using the Internet of Things (IoT). The use of IoT in the healthcare industry has increased with no corresponding increase in cybersecurity measures, which raises the possibility of a cyberattack by creating multiple access points into a weakly defended network (Kruse et al., 2017). The healthcare industry continues to be a lucrative source of profit for cybercriminals. Cybercriminals can profit from selling identity information, insurance credentials, or medical credentials, or from gaining access to prescription medication.

Cybercriminals follow various trends, including phishing, which disguises information as genuine content to trick users into clicking on it and submitting vital information such as their social security numbers. In most cases, these criminals pose as genuine healthcare agents, requesting that patients fill out numerous forms to update or read certain content that they must download using their personal data. Another technique is malware, in the form of trackers that hackers install to detect patients’ activity while they are online. These trackers capture patients’ information through screenshots, which the criminals can easily take advantage of (Yadav et al., 2021). Cybercriminals also go to the extent of attacking patients through the sledgehammer technique, which is guessing their passwords, in the belief that patients tend to reuse their passwords for fear of forgetting a new one. Criminals can therefore easily guess the most common passwords that people use, such as their birthdays, especially if they are popular persons, and use them to steal their personal data.

The healthcare industry in Virginia remains at great risk of cyberattacks and cybercrime, as it has not kept up adequately with modern trends and threats to cybersecurity. Most healthcare organizations in Virginia are unprepared and ill-equipped, and lack the funding and expertise necessary to deal with cyberattacks and threats. Currently, there are rules and regulations aimed at protecting sensitive patient information, such as the Cyber Disclosure Act 2015, the 1999 Gramm-Leach-Bliley Act, the Omnibus Rule, the Homeland Security Act, and the Health Insurance Portability and Accountability Act of 1996 (Lallie et al., 2021). On the other hand, these laws and regulations are unclear in outlining security expectations and procedures. These vague laws, coupled with a lack of cybersecurity expertise and funding, further aggravate the issues. For the most part, top management in healthcare is not actively involved in taking the time to really understand the cybersecurity safeguards or vulnerabilities in their systems, and takes actions that lack data to support them. There is no cybersecurity certification mandating compliance in healthcare of the kind seen in other industries, and the HITECH Act only requires healthcare specialists to report a security breach when more than 500 patients have been affected.

Emerging Issues in the Healthcare Industry

As the healthcare industry continues to adapt to technological innovation and the transition to electronic systems and telehealth services, organizations are left vulnerable to cybercrime. Healthcare devices are constantly changing and evolving, and are becoming more and more interconnected with other hospital devices and networks. The new measures to contain the virus require healthcare facilities to maximize the services they provide to their patients through online self-service portals. These portals are not adequately safeguarded, and cybercriminals can therefore use them to access the healthcare network. Patients and healthcare professionals use remote and IoT medical equipment for various purposes, such as keeping track of how many beds are vacant, medication notifications, monitoring patients, sending device and health information, telemedicine, and education. In the healthcare industry, IoT devices have been very useful, yet they leave the organization more susceptible to cyberattacks than regular computers do, due to weaker security systems and a lack of updates. Through the process of medical device hijacking, cybercriminals take advantage of IoT flaws to exploit unprotected medical devices. This happens when a hacker injects malware into a medical IoT device and moves through the hospital’s networks until reaching a device of interest. For instance, a hacker can inject malware into diagnostic equipment such as an MRI, from which it spreads to other equipment such as ventilators until it reaches the nurses’ station computer, where it can access medical records and send information to the hacker.

Cyberattacks on the already vulnerable healthcare industry in Virginia have increased due to the COVID-19 pandemic. In the rush to identify effective treatment for the deadly COVID-19 virus, the Virginia healthcare industry has been unable to strengthen its already weak security systems and shop for more secure network protections. The pandemic has caused a shift in how the healthcare system operates, moving large quantities of health data online with government access, moving operations to new locations, and increasing the use of IoT devices. When the pandemic was in full force, healthcare providers in Virginia were forced to roll out various designs to assist in the treatment of, and communication with, patients virtually, which created further access points for cybercriminals. Additionally, due to the number of patients needing treatment for the virus, health facilities across Virginia were forced to move operations to off-site remote medical centers that required a large amount of funding, making them vulnerable. Cybercriminals have taken advantage of the current climate and sought to steal valuable data from agencies rapidly deploying remote work.

Strategies to contain cybercrimes in health care

The first strategy is to educate patients and employees on how they can protect themselves while accessing online services. This involves training them to identify the fake advertisements and messages that criminals use to trap them into submitting their personal information. Such training gives them the knowledge to use appropriate caution when handling their own data online. Another way is to limit the number of devices that patients use to access their portals (Fuentes, 2017). Healthcare facilities should therefore limit the number of devices that can access a given patient’s page at one time, to reduce the ability of criminals to hack into the system and compromise patient information. Additionally, healthcare providers in Virginia must limit the number of people who can access patient data, and provide employees with one-time passwords to prevent third parties from learning the passwords and using them to access patient data.

Results

The outcome of this research is that it will play an integral role in raising awareness among healthcare facilities around Virginia of the prevalence of cybercrime threats facing their patients and hospital systems. The report has revealed the techniques that criminals use to trick patients into giving out their personal information, which the criminals later use for their own benefit, such as acquiring loans, or sell to third parties for greater profit. The study also intends to educate healthcare facilities on the strategies they can use to contain cybercrime in the healthcare industry, such as educating patients on how to identify false messages sent to them by criminals. Another strategy is to limit the number of devices that access a patient’s portal at the same time, to reduce criminals’ opportunity to use this to their advantage and increase the vulnerability of the entire body of patient data.

Relationship to master program

This report directly relates to the master program because it will be delivered at a time when many healthcare agencies have started to report cybercrime attempts aimed at stealing valuable healthcare research data in the middle of the pandemic. I also know that various classes (IT 597, 547, 545 and 670) in my cybersecurity program will play a major role in my project work. A mid-year report released by Fortified found that 60% of data breaches to the healthcare system were mainly caused by cybercrime, as opposed to those working for the healthcare systems. Besides that, ransomware attacks on the healthcare system appear to have spiked in April 2020 (Wells, 2021). After the reports of cyberattacks on the healthcare system were released, the Cybersecurity and Infrastructure Security Agency started advising healthcare organizations to strengthen password security and establish two-factor authentication for sensitive healthcare data and information. The pandemic has created a rise in sophisticated cyberattacks as the world has become increasingly connected.

References

Fuentes, M. R. (2017). Cybercrime and other threats faced by the healthcare industry. Trend Micro.

Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic review of modern threats and trends. Technology and Health Care, 25(1), 1-10.

Abulencia, J. (2021). The cost of cybercrime in the US healthcare sector. Computer Fraud & Security, 2021(11), 8-13.

Lallie, H. S., Shepherd, L. A., Nurse, J. R., Erola, A., Epiphaniou, G., Maple, C., & Bellekens, X. (2021). Cyber security in the age of covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, 105, 102248.

Wells, R. M. (2021). Identifying Trends Associated with Cyber-Crime in Healthcare Industries (Doctoral dissertation, Northcentral University).

Yadav, H., Gautam, S., Rana, A., Bhardwaj, J., & Tyagi, N. (2021). Various Types of Cybercrime and Its Affected Area. In Emerging Technologies in Data Mining and Information Security: Proceedings of IEMIS 2020, Volume 3 (pp. 305-315). Springer Singapore.