Temporary Medical Centers are Targets for Cybercriminals

Temporary medical centers are targets for cybercriminals

It’s quite a feat to set up makeshift hospitals during a health crisis in convention centers and outdoor tents. But chances are IT security won’t get the same level of care, leaving these temporary locations vulnerable to cyberattacks.

People Come First, Anything Else is Secondary

Field facilities often operate on the network provided at the remote location, which lacks the kind of network security a hospital normally enjoys. Right now there’s no time to set up proper IT infrastructure or implement what would normally be acceptable cybersecurity measures. Healthcare professionals have enough to worry about while saving lives, they can’t be worrying about their instruments.

Unfortunately, these temporary medical units leave the connected medical environment quite exposed. Due to the demands placed on remote care, monitoring devices and infrastructure like smart beds depend on connected medical devices. These medical IoT devices rarely have any embedded security and remain particularly vulnerable to attacks.

Hundreds of thousands of remote-healthcare workers have access to all kinds of sensitive, health-related that is not well protected, allowing cybercriminals to infiltrate these devices in order to steal patients’ health data. This kind of cybercrime could cause complications for the users of these devices as well as the healthcare providers that use them.

Focusing on Primary Security Hygiene

One step to protect temporary medical units in their battle against cybercrime must include making sure their software constantly stays updated. System administrators who work on patches, upgrades and the upkeep of physical systems on a daily basis may not always be as readily available as they were before. Fact remains that an important part of keeping an organization healthy is quality security hygiene.

Another step is to make sure that any communication of any account from the medical units are authenticated. This means that it actually comes from authorised persons and are not a random attempt from unwanted parties at manipulating data. Moreover, all organizations should seriously consider enabling two-factor authentication for every account that is granted access to the remote center’s system. 

To this end, Microsoft has expanded the availability of its AccountGuard security service program. To secure remote healthcare locations, the tech giant is currently offering its anti-phishing AccountGuard service for free to healthcare providers on the front lines of the outbreak. It helps targeted organizations protect themselves from ongoing cybersecurity issues by immediately notifying users about threats so that they can take steps to stop an attack.

Steering Clear of Ransomeware and Phishing

Now more than ever there are more opportunities for pop-up health facilities to fall victim to ransomware and phishing. What’s worse, hospitals are more likely to pay a higher ransom due to the crisis, which will only impede their effectiveness. Since ransomware and phishing attacks are common types of cyberattacks on healthcare systems, routinely backing up the entire system and having some routine measures in place is essential.

When faced with ransomware, the goal is make sure you get your system back up and running as quickly as possible so you don’t have to pay criminals to get your data back. As well, to make sure none of your staff fall prey to a phishing attempt, you need to ensure that any links in emails are real ones and not hooks. Using Wi-Fi opens the door for hackers to monitor traffic, which increases the chances of obtaining online credentials and simplifying their access.

Under normal conditions, medical organizations would be in a better position to fight off criminal hackers getting into their systems and devices. The best way to let health services providers, doctors, nurses and others focus on providing crucial healthcare is to make sure that any IT infrastructure being used gets the best treatment possible.

Tech journalist
Born in Canada, Natasha has a B.A. in Russian and Slavic Studies from McGill University in Montréal. She is an editor with almost 20 years' experience, with IT being one of her favorite topics. She's been using the internet since 1988, and was around when McGill University built the pre-Web era Gopher search engine Archie in 1990.