The Real Economy Blog

Economic News from RSM

Home > Coronavirus > Cybersecurity, amid coronavirus, remains a top risk in health care

Cybersecurity, amid coronavirus, remains a top risk in health care

by

Cybersecurity remains a top risk within the health care industry as attackers are weaponizing COVID-19 and breaches continue to increase during the first quarter of 2020.

In 2019, there were more than 500 reported breaches to the Office of Inspector General. Of the 500 breaches reported, the protected health information of 41 million individuals was compromised. Reporting from January of this year showed an increase in breaches as 49 were reported to the OIG, affecting 629,000 people’s data. This is a 40% increase from January of last year. Unfortunately, February’s pace appears to continue the trend, with 43 reports compared to 33 year-over-year.

According to the HIPAA Journal, the health care industry now accounts for around four out of every five data breaches and 2020 looks set to be another record-breaking year, especially given the uncertain climate due to the impact of COVID-19. The cost to the health care industry from breaches is expected to reach $4 billion in 2020.

Weaponizing the coronavirus

Attackers are already capitalizing on COVID-19 in various ways. The first quarter saw a number of phishing attacks, most notably email updates disguised as trusted organizations, such as the World Health Organization. Also, domains resembling trusted organizations are being purchased by attackers to execute phishing schemes (i.e. cdc-gov.org, cdcgov.org). These phishing schemes request personal information in order to send COVID-19 updates but instead steal personal information.

In addition to phishing emails, ransomware attacks continue to plague the health care industry with organizations across the country reporting 172 ransomware attacks, affecting 1,446 hospitals, clinics and organizations, according to Becker’s Hospital Review.

A recent ransomware scheme leveraged an Android app disguised as providing users with “real-time” updates about COVID-19, but in fact, was used to lock user phones requiring a payment of $100 in bitcoins to unlock their device.

With the increase of organizational breaches, creative phishing emails on the rise, continued ransomware attacks combined with COVID-19 uncertainty and stresses, we will continue to see cybersecurity as a critical theme into Q2 2020 and beyond.

For more on this topic, visit our Coronavirus Resource Center and managing risk and uncertainty during COVID-19 pages.

Related posts

About Jessika Garis

@jesgon01

Jessika has more than 10 years of professional experience providing operational, financial, regulatory consulting, and outsourced and co-sourced internal audit services. She has extensive experience in managing the internal audit function (both fully outsourced and co-sourced) for various health care organizations, performing revenue cycle audits (including billing, collections, denials and claims review), conducting comprehensive operational reviews across multiple lines of business, and evaluating companies’ compliance with regulatory standards as set by the OIG, HHS, OCR and DOJ.

In January 2019, Jessika was selected as a senior analyst in RSM’s cutting-edge Industry Eminence Program, which positions its senior analysts to understand, forecast and communicate economic, business and technology trends shaping the industries RSM serves.

The Real Economy Blog