How COVID-19 Has Exposed Cyber Risks in the Health Sector
Why a Paradigm Shift is Needed for Building Cybersecurity Resilience
Analytical Insights | July 2020
For developing countries the COVID-19 pandemic has underscored the need to prioritize building cybersecurity capacity within the health sector, and represents a rare opportunity to establish cybersecurity more broadly as a core element of the 21st Century’s development agenda. This article presents the latest cyber risks for the health sector that have emerged during the COVID-19 pandemic, and new approaches needed for building cybersecurity resilience. Following a brief explanation of the most common threat categories observed during the pandemic, the top five targets for cyberattacks are highlighted which include hospitals and healthcare centers, public health organizations, vaccine companies and virus research institutions, individuals, and contact tracing apps. In addition to operational solutions, the article presents three emerging themes that have manifested during the COVID-19, and implications for future operational solutions and coordination on building cybersecurity resilience.
Key Findings:
- Cyberattacks targeting public health and the health sector have increased significantly since the outbreak of the COVID-19 pandemic in 2020, resulting in disruption to the operations of domestic healthcare systems and services, theft of medical records, and significant financial losses, elevating the need to bring cybersecurity to the forefront of the development agenda.
- Low preparedness — resulting from insufficient cybersecurity investment and awareness in developing countries generally and from the unprecedented challenges presented by a pandemic specifically — renders low- and medium-income countries particularly at risk of paralyzing attacks.
- A sectoral-centered approach is needed to bolster cybersecurity within the health domain, using the historically strong development of cybersecurity in the financial sector to offer lessons to fortify the health sector against threats. This sectoral capacity building must be anchored to a strong foundation and enabling environment provided by a central national cybersecurity agency whose capacity must also be built and fortified to support the health sector.
- A broad conceptualization of cybersecurity to include elements of malicious information campaigns will help facilitate a focus and better management of this rapidly developing phenomenon.
- The COVID-19 pandemic has underscored the need to establish cybersecurity as a core element of the digital development agenda in the 21st century, and yields a unique clarity and opportunity to accelerate the safe and effective development and adoption of e-health solutions and telehealth platforms, particularly in low- and middle-income countries — paving the way towards further digital development of the health sector.
Full Article: How COVID-19 Has Exposed Cyber Risks in the Health Sector