Since the beginning of the pandemic, the healthcare industry has seen a significant rise in cyberattacks, says Heather Paunet, senior vice president of products at Untangle, a cybersecurity firm in San Jose, CA.

The combination of the pandemic’s effects — crowded facilities, expanded telehealth usage, exhausted workers — with more reliance on medical devices has left the industry vulnerable to cybercriminals.

“While medical devices, which are connected to the internet and hospital networks, enable physicians to easily access and share critical medical information and have greatly improved the performance and effectiveness of medical centers, they make healthcare systems prime targets for hackers,” Paunet says. “Unfortunately, due to the critical patient data they hold, supplemented with key personal identifiers, medical organizations have become common targets for attacks.”

Healthcare IT security teams should update, monitor, and test their networks and connected systems daily, Paunet says. They also should develop and implement a risk assessment plan to understand threats to the network and create mitigation or remediation plans.

Network administrators must be prepared to quickly access backups and restore functionality, which requires knowledge of what data were backed up, when they were backed up, where the backups are stored, and what is needed to restore them. Paunet says a cybersecurity incident response plan should include these steps:

  • Detection and analysis: Implement warning systems that alert when a breach or attempted breach has occurred.
  • Immediate response: Develop an immediate and robust response to close the breach and prevent further infiltration.
  • Containment: Contain the breach to further prevent data loss and to block sharing of data.
  • Eradication: Close and eradicate the vulnerability.
  • Recovery: Ensure business continuity or resumption of operations and set actions in motion to remediate reputational damage.
  • Reporting: Examine the circumstances surrounding the breach to learn from it and review the response to find ways to improve the plan.

In addition, Paunet advises healthcare organizations to implement these steps to prevent cyberattacks:

  • Deploy the right tools to monitor devices and activity. All desktops, laptops, mobile devices, and medical devices connected to the network should be monitored, and complete network activity reports maintained. It also is important to keep all software and protections up to date. Never skip or delay an update.
  • Isolate the effect of a potential attack. Creating separate networks for different purposes can ensure any attack is isolated, hopefully keeping damage to a minimum. For example, putting all internet-connected devices on a separate network away from servers used for day-to-day data exchanges will ensure those servers will not be affected in the event of a breach.
  • Back up data regularly. Back up data daily and continuously scan to ensure backups are free of malware. Performing multiple backups also is recommended, as this provides extra insurance if there are problems with the previous day’s backup. Go back one day to ensure a clean restore.
  • Enforce password policies and deploy multifactor authentication. With employees in constant contact with sensitive personal information, password security is paramount. It is important to use strong passwords — combinations of characters, symbols, and numbers that cannot easily be guessed — and change them regularly.
  • Use two-factor authentication. This can add an additional layer of defense to any login or credentialed-access portal.


  • Heather Paunet, Senior Vice President of Products, Untangle, San Jose, CA. Phone: (866) 233-2296.