The health sector is not immune to phishing attempts. To prevent cyber attacks, it is essential to be well prepared.
Since the beginning of the pandemic, we have seen a significant increase in the number of phishing campaigns, ransomware attacks and social engineering.
Indeed, malicious actors are taking advantage of the vulnerability of certain clinics and practices because nonclinical health care professionals such as financial, administrative, healthcare IT teams are working from home, some without any cybersecurity controls in place.
These cyber vulnerabilities are resulting in even more weaknesses in the healthcare system, patient support systems and the protection of patient information.
This is why hospitals, treatment clinics, care homes and medical laboratories must, in their new normality, plan, prepare and be extremely careful when it comes to their cybersecurity.
Healthcare Industry Threats
With the evolution of medical equipments, which now depends more on your network infrastructure (IoT), cybersecurity enables patient safety and care by preserving the accuracy of the patient data, while still protecting patient confidentiality and privacy. Cyber criminals may take advantage of the COVID-19 crisis, using the increased pressure being placed on health organizations to extract ransom payments or mask other compromise.
Consequently, a cyber attack that makes patient data inaccessible to clinicians, or disables medical devices, could be very damaging to the healthcare industry and, more importantly, to the patients’ health.
Breach costs in the Healthcare Industry
Unlike most industries, the cost of breach in the health care sector is highly sensitive given the nature of the data and is evidence by having the highest cost of breach for the 9th consecutive year, or nearly $ 6.5 million on average, a percentage of over 60% higher than that of other sectors.
The Top Risks in the Heathcare Industry
Cybersecurity Risk
Due to the abrupt nature of the COVID-19 crisis, some organizations, large or small, lack the infrastructure, technology, or policies to ensure endpoints and data are secure outside of the corporate environment. e.g., data loss prevention is not in place, existing infrastructure does not allow security policies/controls to be applied to endpoints not connected to the network, and no secure way to connect remotely.
1. Data Loss
As more people are being forced to work remotely, organizations need to ensure their data is safe and used appropriately. More employees are moving files via a removable store, cloud stage, and emails (corporate/personal) so they can continue to be productive. Without adequate tools and controls like email encryption and data loss prevention (DLP), organizations run the risk of the data being compromised intentionally or unintentionally.
2. BYOD
More employees are relying on employees to work on their personal laptops or devices, which may result in the compromise of company data or network as appropriate security such as advanced antivirus solutions may not be in place. Employees need to ensure proper control is in place to protect the data, and policies should be created to provide directives on accessing corporate data and systems.
3. Inadequate Network Monitoring
Having the right visibility to what’s happening on the network is key to being able to prevent, detect, and respond to security incidents. Due to the unforeseen and rapid nature of the COVID-19 pandemic and emphasis placed on getting the business up and running, organizations that did put security monitoring in place are at risk of having undetected security events.
Privacy Risk
With the COVID-19 crisis, employees (prepared or not) are required to utilize video/audio conferencing solutions. Data (confidential, sensitive, or regulated like PIPEDA/HIPPA) are being shared unprotected/unencrypted mostly via email.
Business Risk
Being able to recover from a disaster is critical for a company survivor. Lack of preparedness, inadequate backup, untested DR, and not having a business continuity plan could have a lasting impact if a cyber event compromises organizations. Unfortunately, since a lot of organizations did not foresee and plan for COVID-19 and its impact, they are incredibly vulnerable.
Reduce and Mitigate your Risk
Your organization can quickly benefit from integrated cybersecurity solutions to minimize the negative impacts of the coronavirus situation:
- 24/7 monitoring and antivirus/antimalware protection of your workstations and servers as well as temporary workstations used by remote employees;
- Sophisticated email security with artificial intelligence emails to detect URLs and malicious attachments, and block phishing and social engineering, including identity theft, which is growing exponentially;
- Email encryption tools to secure, exchange and protect sensitive and confidential information with employees and third parties;
- Interactive and customizable information security awareness platform to educate your employees and ensuring employees are paying heightened attention to phishing attempts, and social engineering and are able to easily identify and report on it;
- Data loss prevention (DLP) solution with machine learning capabilities to protect your critical, sensitive and regulated data anytime, anywhere, any device;
- Security Advisory (CISO) to help provide strategic guidance, best practices, and security policies and threat intelligence.
Protect your most valuable assets with the help of our dedicated experts
In addition, if you have been victim of a security incident, we invite you to immediately call the VARS emergency service at 514-949-6876 or 514-941-7829. We can help you now.
14 Sep 2020 | Written by :
Guillaume Caron is a cybersecurity expert at Raymond Chabot Grant Thornton. Contact him today!
See the profileYou could also like to read
Next article
The effects of the pandemic on several SMEs encouraged them to find new ways to reach customers, particularly through online sales and remote services.
The e-commerce and remote services trend have reached a new level, which will now be part of a new normal. Although it has shaken up some less well-prepared companies, it brings new business opportunities and emerging customers that your organization could take advantage of in order to continue your activities and generate new income.
Here are a few things you should consider when reassessing your business model.
Promote online sales
E-commerce is becoming a necessity for retailers in a post-pandemic world. Not only this will allow you to expand your geographic reach beyond your community, but an online store will also allow you to be more competitive within your market. Take advantage of this new consumer habit to reorient your strategy and strengthen your online presence. As an exemple:
- Introduce deals or discounts to promote sales;
- Cut shipping costs to remove this disincentive;
- Offer freebies to get your name out there and boost sales of your other products or services;
- Encourage your customers to share through social media your online store to increase your brand awareness;
- Partner with local networks, such as a chamber of commerce or a local business association, to boost your products and services online.
Your business could benefit from support measures, such as the government’s initiative Le Panier Bleu, the City of Montreal’s urban delivery and digital shift support, as well as a Québec program to help update the skills of your employees. Consult the summary of available support measures, updated on a regular basis on our website.
Focus on your digital shift
The digital customer experience is, in the new normal, a must for any type of business. Companies that have innovated and provided an unparalleled buying experience for their customers will be able to take advantage of this current digital trend and gain significant market share.
When focusing on your digital shift, you must redefine the client journey. For an e-commerce platform, you have to rethink all the points of contact with your clients, including the information gathering, delivery and after-sale service stages.
Ask yourself these questions to better understand your client journey and how the digital experience fits in:
• How to promote your online store (website, social networks, referrers, purchase of keywords or advertisements, partnerships, etc.)?
• How to maximize the client online experience (secure and efficient transactional website, easy-to-access information, email, online chat, etc.)?
• How to ensure your clients enjoyed their online shopping experience (follow-up emails, surveys, etc.)?
While the digital transformation can contribute to diversifying your revenues and improving operational efficiency, it should not be at the expense of the client experience. Digitalization strategies are not just transaction focused, they also allow you to drive client commitment and foster relationships and partnerships.
There are several transactional platforms in Quebec that can help you start your online business, and many specialize in online sales for smaller businesses.
Use technology to provide your services
There are great tools available to help professional service companies manage their customer relations and accounts:
- Turn to tech platforms like Zoom, Skype and Google Hangouts to keep in touch with clients and offer virtual support;
- Remain present on traditional and online media;
- Send relevant information in your customer newsletter;
- Create content like webinars and live videos to keep relationships alive and maybe even generate new revenues;
- Engage with customers on social media.
Rethink your business priorities
This is a time for renewal and innovate in new products and services to add value to your current offering. Seize this opportunity to make adjustments so that your business will be stronger than ever before. Consider adding new technologies to expand the offering and distribution of your products or services.
There is also an opportunity to reinvent your business by finding new ways to create value for your clients and expand your offer to generate income and keep your clients.
Knowing which way to go is not always easy. Our experts are here for you. They can help you build a winning strategy by supporting you in your business model reflections.
Next article
The Grant Thornton International IFRS team has published Insights into IFRIC 23.
Effective for financial years beginning on or after January 1, 2019, IFRIC 23 Uncertainty Over Income Tax Treatments (the “Interpretation”) requires entities to consider the potential for adverse tax determinations being made by taxing authorities while under a hypothetical tax review – and record a liability (and expense) where such a finding is considered “probable”. Many entities may not experience a financial impact as a result of this, but the Interpretation remains applicable and certain disclosures may be appropriate.
The publication Insights into IFRIC 23 provides an overview of IFRIC 23, explaining the relevant definitions, the initial tax assessment and subsequent measurement, together with some practical application and examples.
Service
Next article
The Grant Thornton International IFRS team has published COVID-19: Accounting implications for CFOs – Considerations when preparing financial statements and using alternative performance measures.
Preparers of financial statements are now having to think about how, where and in what form they should report COVID-19 in their financial statements. It is important to not only comply with the guidance set out in IFRS, but also ensure that the financial statements are an effective part of the wider communication with stakeholders.
The publication sets out various ways to enhance communication on how the pandemic has impacted the financial position and performance of any reporting entity. These include sensitivity analysis, the use of alternative performance measures and changing line items that have previously been disclosed within the financial statements.
The publication COVID-19: Accounting implications for CFOs – Considerations when preparing financial statements and using alternative performance measures is attached to this IFRS Adviser Alert.