How healthcare organizations can prepare employees to securely work from home and avoid cyberattacks during the coronavirus crisis

Healthcare organizations that sent employees home to avoid the coronavirus are now at higher risk for viruses of another sort — those that come after cyberattacks. As companies across the United States scrambled to set up their employees for remote work, many inevitably found they were not prepared, according to one expert. 

“Every business in every possible industry is having this same problem,” said Darren Guccione, CEO and cofounder of Keeper Security. “Traditionally, what you see is, when companies go remote, they haven’t planned accordingly.” 

He recommended several steps leaders can take to ensure productivity stays high, and employee and patient information is secure.

Addressing hardware and software needs

Leaders should make sure employees are provided with the hardware and equipment they need, like dual monitors, laptop, check-scanning device and printer. “You have to build up an inventory of what you need for each person,” he said.

Leaders also should make sure employees have the software they need and can get secure access while working remotely. There should be endpoint security on every machine and password security information running constantly, Guccione said. “When you’re remote, you’re going to have a greater number of usernames and passwords,” he said. Systems that help teams stay in touch such as Slack, Zoom or Microsoft Teams can be useful, as well.

Mitigating risk for cyberattacks

A mass exodus from the office to remote workspaces is an appealing scenario for cyber criminals, Guccione said. “IT departments are going to be stressed. This is when cyber criminals are always on the attack.”

With so many people working from home, remote workers will be using the same logins on multiple systems, so if one person’s system gets breached, the whole organization is at risk.  “Once they breach your computer and it’s connected to a network, they can get access to a greater amount of information,” he said.

Guccione recommended IT departments take the following actions to mitigate the risk of cyberattacks:

• Determine which people on which devices have access to which systems at which times of day, and review audit logs to ensure employees are accessing only what they should.

• Scan inbound emails for threats and unknown file types. Educate staff about how to look for the warning signs for spam, and what to do if they receive it.

• Make sure security systems are working properly and remote files are backed up. Patient records should be protected and encrypted so all files are always secure.

• If any systems in the organization are hit with ransomware, do not pay the ransom.  “Quite frequently, cyber criminals are evil, and even if you pay them, they won’t release the computer,” Guccione said. Secure backups will ensure no information is lost.