eFax Blog

Virtual Panel on Healthcare Cybersecurity in the COVID Era: ‘The Devices Are Always Listening’

In a recent HITRUST virtual panel co-sponsored by eFax Corporate, “Effectively Managing Cybersecurity Vulnerabilities in a Turbulent Healthcare Ecosystem,” HITRUST’s Michael Parisi shared an insightful anecdote.

A friend of Michael’s, working from home during the lockdown, had a phone call with a customer to discuss highly sensitive information—while his patio door was wide open. Afterward, the man’s wife came in from outside and told him she heard everything he’d said to the customer. Oh, and so did the couple’s next-door neighbor.

What makes Michael’s point relevant to this conversation about healthcare cybersecurity during COVID is that we’re all running our businesses and performing our jobs under new circumstances, which means we’re all facing new risks and threats.

Now, imagine that call was between a physician and a patient—and think of the neighbor as an Alexa or Siri in the doctor’s home, with a cybercriminal hacking the device to listen in for sensitive data. As Michael pointed out, “The devices are always listening.”


A panel with diverse healthcare-industry expertise

That was just one of many lockdown-era cybersecurity threats discussed by the expert panel, which included:

  • The legal perspective:
    Matthew Fisher, who heads the healthcare regulatory team for the New England law firm Mirick O’Connell
  • The third-party certification perspective:
    Michael Parisi, VP of Assurance Strategy and Community Development for HITRUST
  • The accreditation perspective:
    Lee Barrett, CEO of the Electronic Healthcare Network Accreditation Commission (EHNAC)
  • The healthcare cloud-service provider perspective:
    Jeffrey Sullivan, CTO of eFax Corporate’s parent company j2 Cloud Services

COVID challenges for healthcare security professionals

Other quarantine-era risks the panel discussed included:

Too much change, too quickly.

Healthcare organizations have had to adjust so much of their operations to address work-from-home arrangements—policies, controls, assessments, tools, technologies—that many IT teams have had to shift their focus away from security, privacy, and regulatory compliance.

Newly generated data is attracting hackers.

With the medical industry working to develop both a COVID vaccine and new treatments, hackers see increased value in going after these companies’ networks and systems to steal this intellectual property. This is why cyberattacks against biopharma companies have skyrocketed since the early days of the pandemic.

Stressful times lead to poor cybersecurity judgment.

Many healthcare-industry professionals are working from home, often for the first time, while also dealing with the stress of the pandemic. These disruptions in our professional and personal lives can leave us more distracted and vulnerable to poor decisions—such as falling for phishing attacks.

EHNAC’s Lee Barrett cited one incredible example. The HHS issued a warning that hospitals’ security and privacy officers were receiving postcards, supposedly from the “Secretary of HIPAA Compliance,” asking them to visit a URL for a risk assessment. The problem: There is no such position as Secretary of HIPAA Compliance. This is a new phishing attack, designed to take advantage of everyone’s confusion during COVID. And many of these healthcare security professionals are falling for it.

Understandably, healthcare orgs’ priority is always saving lives, which is even more important now

Another challenge the panel discussed was that the healthcare industry has only finite resources and budget—and right now, the priority for these organizations is protecting people’s health during COVID. In other words, many organizations are having to weigh competing objectives and de-emphasize everything other than the challenges of treating COVID patients and saving lives. Unfortunately, “everything” can also include cybersecurity and data-privacy initiatives.


What healthcare IT teams should do now

The panelists offered a number of suggestions for health organizations to better protect their sensitive data. j2’s Jeffrey Sullivan, for example, suggested a couple of best practices for healthcare IT teams during what he described as our current “once-in-a-lifetime level of distraction.”

1. Make sure your automated solutions are in place

First, Jeffrey suggested, review your cybersecurity infrastructure across your newly distributed organization. Make sure all of the automated tools and processes are doing their jobs, meaning:

  • All of your employees’ company-issued devices are encrypted
  • Your team has remote monitoring in place for these devices
  • You’ve implemented fraud protection, malware detection, and intrusion detection

2. Make sure your cloud service providers are prepared as well

Jeffrey also recommended contacting the third parties whose apps, platforms, and other cloud tools your employees use. Ask them what specific steps they’ve taken to protect their systems—and your company’s sensitive data—during this period of heightened risk from cybercriminals.

Lee Barrett of EHNAC—who called j2’s level of cybersecurity preparedness “a model for the industry”—offered another valuable recommendation:

3. Get a third-party risk assessment

Lee noted that the best way to make sure your organization is meeting all of its cybersecurity and regulatory standards is to have your infrastructure and processes audited and tested by a third-party expert.

Now more than ever, your internal IT security teams have too much on their plate to make sure you’re addressing—or even seeing—all of the new potential threats to your organization’s data security.

For HIPAA-compliant, HITRUST-certified, and COVID-secure cloud faxing, learn what eFax Corporate can do for your organization.
