The Colonial Pipeline cybersecurity breach earlier this month exposed how vulnerable both public and private companies are to cyber attacks.
According to Supervisory Special Agent Samantha Baltzersen with the FBI Cyber Task Force in Albany, there has been a rise in cyber threats during the COVID-19 pandemic.
“Healthcare organizations are generally very large, have lots of vendors, business partners and affiliates," Baltzersen said. "There are a lot of mergers, so the attack surface for healthcare entities is ever growing. When COVID hit, they only got larger.”
Hospitals and health care providers are now particularly at risk, especially with the interconnection of technology and medical equipment.
“With COVID, we saw a lot more telework, bring your own devices and a drastic expansion of telehealth and telemedicine,” Baltzersen continued. “And there's additionally been a move to the cloud for a lot of healthcare organizations.”
The FBI warns health care providers and other organizations to be cautious of phishing emails and to protect what is forwarded online, especially patient information.
“Believe it or not, Blue Cross Blue Shield was one of the largest breaches,” Baltzersen said. “And it was believed to be done in order to understand how all that data, and all those patients were handled on a regular basis.”
Justin Bain, CISSP, HCISPP information technology and cyber security officer for the Visiting Nurse Service of New York, said working from home can also allow for some to lower their guard.
“As these attacks keep going, it is the hardest part I think,” Bain said. “Because we're all distracted, we're at home, we're trying to keep up with our work, we’ve got our dogs barking, we’ve got the children crying. And so a good security awareness campaign is really important for getting this message out there.”