Colonial Pipeline’s cybersecurity breach earlier this month exposed the vulnerability of public and private companies to cyber attacks.
According to Special Supervising Agent Samantha Baltzersen with the FBI’s cyber task force in Albany, there has been an increase in cyber threats during the COVID-19 pandemic.
“Healthcare organizations are generally very large, they have a lot of vendors, business partners and affiliates,” Baltzersen said. “There are a lot of mergers, so the attack surface for healthcare entities is growing more and more. When COVID hit, they just got bigger.”
Hospitals and healthcare providers are especially at risk, especially with the interconnection of technology and medical equipment.
“With COVID, we saw a lot more telework, bring your own devices and a drastic expansion of telehealth and telemedicine,” Baltzersen continued. “And besides, there has been a step into the cloud for many healthcare organizations.”
The FBI warns health care providers and other organizations to be wary of fishing emails and to protect what is forwarded online, especially patient information.
“Believe it or not, Blue Cross Blue Shield was one of the biggest violations,” Baltzersen said. “And it was believed to be done to understand how all this data and all those patients were handled on a regular basis.”
Justin Bain, CISSP, head of HCISPP information technology and cybersecurity at the New York Visiting Nurses Service, said working from home can also allow some to lower their guard.
“As these attacks continue, I think it’s the hardest part,” Bain said. “Because we are all distracted, we are at home, we try to keep up with our work, our dogs bark, the children cry. Therefore, a good security awareness campaign is really important to get this message across. “