In a recent survey conducted by BlackBerry, 9 out of 10 respondents reported that they were concerned about staff returning from work-at-home with systems that are unpatched and out of date. To deal with this challenge, BlackBerry suggests an approach similar to how COVID cases are handled.
I honestly had not thought about the potential security threat posed by laptops that had been used by staff at home. Although most devices would have protection against viruses and malware pre-loaded, these can be circumvented if those applications and the operating system are not kept up-to-date – a daunting task for non-technical users at home.
To explore this topic more deeply, I had the opportunity to sit down with Nigel Thompson, VP of Product Marketing at BlackBerry which provides software and services to enterprises and governments to secure the Internet of Things. BlackBerry’s recent united endpoint security (UES) report was both fascinating and alarming.
Returning to the office.
One of the highlights of the report is that 9 out of 10 survey respondents reported that they were “concerned” or “very concerned” about staff returning to the workplace from work-at-home arrangements with unpatched systems and out of date software. It should be noted that the survey was conducted across multiple industries (not just healthcare), but even so, it’s a powerful statistic.
Thompson wasn’t surprised at the survey’s results: “If you think about it, all of us just basically left the office. Some of us had computers we took with us. Some didn’t have computers because they normally worked at fixed workstations. We were all scrambling to figure out how to get them connected. There was a mishmash of solutions to keep the healthcare industry running and IT departments had to get creative. And when you get creative, you also increase risk as well.”
Many of the devices staff are using at home, have not been properly protected – through no fault of the staff member. They can’t be expected to know how to patch their OS or know which updates to install explained Thompson. As a result, these devices may be infected with viruses and malware.
Pandemic analogy
In a perfectly fitting way, Thompson likened the security concerns around the return to the workplace to the pandemic itself. The devices that could be carrying viruses should be “quarantined.”
While it probably won’t be for 14 days like it is for COVID-19, the point is as these devices return to networks, they’ll need to be fully patched and checked to ensure they are virus free before they can be allowed back onto the corporate network. “The challenge will be if all these devices come back at exactly the same time,” said Thompson. That would put a lot of undue stress on IT resources and could have a significant impact on productivity. Thompson suggests staggering the return to the office to give your IT team time to process all the returning equipment.
Increasing attacks in healthcare
Already, the Department of Health and Human Services is reporting a 50% increase in breaches throughout the COVID-19 pandemic. And while traditional antivirus software is great, Thompson continues with the pandemic analogy by saying that you can’t develop the “vaccine” for a cyber threat until the threat exists.
Antivirus solutions can only help when they know what to look for. It’s great for known threats, so they aren’t a great defense against new threats that don’t follow past patterns. According to Thompson, it is now easier than ever to launch a cyber- or ransomware attack because the tools to create one are readily available on the dark web.
There are also new kinds of healthcare interactions that are potential vectors for an attack. The rise of telehealth, for example, means there are whole new vulnerabilities to exploit. That’s why Thompson strongly suggests that healthcare organizations have a comprehensive, layered approach to securing their systems.
Cloud + Healthcare
BlackBerry also recently reported that 70% of healthcare security leaders remain concerned about the risks of migrating to the cloud. I am always surprised by statistics like this…even though I really shouldn’t be. Healthcare is slowly moving to the cloud, but many questions about security, privacy and data stewardship remain.
“The pros of the cloud are that you’re not actually responsible for the security or patching those systems,” said Thompson. This would make the cloud more secure than on-premise or private cloud installations. While there is no guarantee that the cloud would be less vulnerable to attacks, both Thompson and I agree that being on the cloud will at least decrease the burden on healthcare IT staff that are already stretched thin.
Watch the full interview with Thompson to hear more about:
- Why the reliance on personal devices may cause problems for healthcare security in the coming months
- What makes healthcare an attractive industry for cybercriminals
- How cloud solutions are the future of healthcare
- New technologies that may replace VPNs for security
- What your organization can do now to be more cybersecure
For more information, visit https://www.blackberry.com/us/en/campaigns/2021/how-ues-protects-shifting-work-environments
Listen and subscribe to the Healthcare IT Today Interviews Podcast to hear all the latest insights from experts in healthcare IT.
And for an exclusive look at our top stories, subscribe to our newsletter.
Tell us what you think. Contact us here or on Twitter at @hcitoday. And if you’re interested in advertising with us, check out our various advertising packages and request our media Kit.
