Cyber safety in public health organizations amid global pandemics has become a major topic on every media outlet since the discovery of COVID-19. COVID-19 brought a word back into the vocabulary of millennials and Gen Z: “pandemic”. This term flooded every media outlet, continent and sector, including healthcare. During the COVID-19 pandemic, cyber criminals took advantage of the global crisis to launch treacherous cyber exploits that gave birth to a new pandemic known as the “digital pandemic”, as is evident in the ransomware attacks on the University of California, San Francisco (UCSF), Colonial Pipeline and JBS USA Holdings Inc., the world’s largest meat processor.
Given the level of sophistication of cyber-attacks, the theft of electronic devices (mobile phones, tablets, laptops) and the high rate of compromised/fake mobile devices in circulation in the global market, health workers, especially researchers and those in the field, should not use their personal devices to store important data. Where it is necessary to store such data, they must use devices that support encryption, so that data residing on the device is always encrypted and remains private.
A spike in phishing attacks should be expected, especially among healthcare workers: the rate of data sharing among researchers is higher by default, so attackers will leverage that and send phishing links through emails. According to a new report from PhishMe, 91% of all cyber-attacks begin with a phishing email to an unexpected victim. People are duped by phishing emails because of curiosity (13.7%), fear (13.4%), and urgency (13.2%), followed by reward/recognition, social, entertainment, and opportunity. Healthcare organizations should ensure their staff are always trained and retrained in phishing awareness.
The risk of working remotely is something that every healthcare center/organization should take to heart. CISOs (Chief Information Security Officers) and ICT (Information and Communication Technology) teams should ensure that an extra level of protection and improvements to the security architecture are implemented.
Creating backups of all critical services and databases should be paramount to reduce the risk of ransomware attacks. According to a report by Kensington, one laptop is stolen every 53 seconds, over 70 million cell phones are lost each year, and 4.3 percent of company-issued smartphones are lost or stolen every year. 80% of the cost of lost laptops comes from data breaches. Cybersecurity Ventures reported that ransomware is expected to attack a business every 11 seconds by the end of 2021. This does not include attacks on individuals, which occur even more often than attacks on businesses. As essential as backups are, they must never be connected to the network, so that a ransomware attack on your services cannot also reach the backup.
Password management and multi-factor authentication should be the new normal. If possible, never use third-party applications, and ensure you always patch your applications and servers.
One thing is clear: humans will continue to be human, and they will continue to be the weakest link, as most people have developed the mindset of “I have nothing special to hide” or “it can never happen to me or my organization”. Regardless of your level of professionalism, NEVER take any cyber safety guideline for granted, and never be the point of entry for an attacker into your organization. Do not feel that security policies are aimed at causing more hardship for your users; rather, they are there to make your users safer. Heads of ICT, CIOs, CISOs and ICT teams must intensify their awareness and response plans for the threat of ransomware.