The COVID-19 pandemic has transformed virtually all industry sectors, especially healthcare operations, in a matter of months. Healthcare workers have quickly adopted a vast array of new precautions and operating procedures beyond protective gear.
To minimize exposure, hospitals, clinics, and other healthcare organizations have limited how many nurses and doctors attend to patients and conduct rounds. To facilitate collaboration, providers now work remotely and communicate through virtual telemedicine meetings with each other.
These heroic front-line works have the support of a vast array of back-end employees, from hospital administrators and healthcare IT teams to other business staff responsible for keeping business operations running – all while also working remotely.
However, the well-intentioned and sudden transition to remote work environments carries an underlying risk of increased exposure to cybersecurity threats.
Due to this new normal, it is essential for healthcare institutions to protect their workforce from hackers, fraudsters, and other malicious actors and keep them cyber-safe.
The Dimensions of Remote Healthcare Work
Remote healthcare work is a broad and flexible concept with solutions bridging distances of many miles. For instance, surgeons operating robotic equipment from a secondary location or employees working from home. However, remote work options need not necessarily be from home; they are equally valuable over short distances.
Due to the COVID-19 pandemic, remote healthcare work is of particular relevance to protect staff. Numerous healthcare functions such as diagnosis, therapy, or monitoring can occur at a distance due to new technologies' availability.
The State of Cybersecurity during COVID-19
More users are accessing the internet and relaying information daily thanks to remote working due to COVID-19 guidelines. The increased traffic from more places poses a cybersecurity threat and exposes vulnerabilities that malicious actors can exploit.
Additionally, using personal devices and home internet connections for work further exacerbates the situation because they do not have the same high cybersecurity level as corporate IT-managed resources.
What's more, collective rising fear, curiosity, and anxiety make internet users more vulnerable to sophisticated malicious cyberattacks through false information and communication sources that appear legitimate. For instance, a false COVID-19 impact maps was used to spread password-stealing malware. The threats impersonated Johns Hopkins Medicine – a trusted and legitimate source.
Related: How to Protect ePHI from Healthcare Data Security Threats
How to Keep Remote Healthcare Employees Cyber-safe
Pandemic operations have forced healthcare institutions to dissolve their network perimeters to enable employees to access resources from almost anywhere to keep critical processes moving. These unseen employees include doctors, nurses, technicians, office employees, and healthcare directors who do not need to work directly with patients.
Many of these employees are at risk of a device, app, software, or network attack if they use inadequately secured personal devices and home networks. Healthcare organizations cannot risk a catastrophic cybersecurity event, such as a ransomware attack, since they provide critical care. Therefore, they must make secure remote working a top priority.
Below are some best practices on how to keep remote healthcare workers cyber-safe.
1. Secure Devices That Access Healthcare Networks, Data, and Apps
Deploy threat defenses for all remote employees, including everyone in your network, like technicians who remotely consult on test results or medical billing specialists. Any device connected to a healthcare institution network can put confidential patient information at risk of loss, breaches, or unauthorized access.
To protect IT devices, you need continuous, on-device security to prevent attacks such as malware, ransomware, or man-in-the-middle attacks.
Related: Tightening Security After a Data Breach
2. Train Employees on Cybersecurity
Healthcare organizations must train all their employees about phishing and other scams that threaten their cybersecurity. An institution may have deployed all the latest cyber protection systems, but untrained employees still threaten their network.
Employees are targets because they are a weak link to security systems, and malicious actors may use their devices to bring malware and other attack tools into the organization. Therefore, employees require training on how to:
- Protect their devices from attacks
- Protect all organization endpoints
- Recognize and report suspicious emails
Increased social engineering scams like phishing attacks demand extra diligence from all employees.
3. Protect Home Internet Connections
When connecting to a healthcare network from home, the following practices can ensure security and quality:
Bandwidth: As COVID-19 drives more of the U.S. workforce home, bandwidth demands increase. Remote employees need to be sure they are getting quality bandwidth from their internet service provider (ISP). Some ISPs place data caps on their devices, so find out if yours does.
Connectivity: Employees using a hotspot of Wi-Fi at home must ensure that they have a modern encryption tool, such as WPA2 (Wi-Fi Protected Access II), with a strong PSK (pre-shared key equivalent to a password) to establish a home connection. Employees should never connect over public Wi-Fi and other unsecured access points.
VPN (a virtual private network) with MFA (multifactor authentication): A VPN encrypts information from the source to its destination. A VPN with MFA ensures that employees must successfully present at least two pieces of evidence (such as codes that a smartphone app generates) to the authentication mechanism to gain access to a healthcare network.
Passwords: Healthcare IT and infrastructure engineering teams insist on minimum password lengths, complexity, and composition. Long passwords and phrases are more secure than shorter ones and should change every 90 days or less. Enabling MFA supplements passwords security.
Web Browsing: Employees must first verify that the websites they are using are secure before conducting sensitive transactions. The sites should implement SSL (secure socket layer) protocols to secure the traffic between originating devices and destination sites.
Virtual Conferencing: Users must inventory all meeting attendees to prevent eavesdroppers who randomly attempt to identify links to these meetings. Hosts should require a password below allowing attendees to join the meeting.
Stay Patched: Corporate-issued devices are likely managed centrally and receive updates via systems management and deployment solutions like Microsoft System Center Configuration Manager.
Phishing (Email), Smishing (SMS), and Vishing (Vice Calls): Remote employees should have the training to identify suspicious activity and report it to the IT security team for investigation.
Read Next: How to Avoid Common Data Security Challenges
The Bottom Line
In a time marked by widespread uncertainty, the remote workforce can protect their organizational and personal internet security by relying on sound cyber-hygiene best practices. Following the above-proven cybersecurity guidelines can protect healthcare organizations' networks, systems, and data from cyber threats.
Productivity platforms like Formstack can help organizations digitize operations, automate workflows, and fix problems. We can also help make remote work environments more secure and productive. Learn more about Formstack's dedication to security.
About the Author
Alison Drew is a content writer with an affinity for security. She is currently employed with Preyproject (a device security company) and is passionate about educating companies on staying safe.