As vaccines finally start entering syringes and patients in the UK, the world awaits with baited breath the return of more normal times. Of course, we’re all aware that the vaccine supply chain, though hard working as it may be, won’t be capable of blasting out the millions of doses needed to vaccinate the majority of the population for a while. Many are happy to wait while the supply chain continues chugging — happy to take any small glimmer of hope they can find. Unfortunately for vaccine manufacturers and healthcare facilities injecting these doses, it’s not as simple as just taking in vaccines and distributing them among patients.
Many cybercriminals have started to see an exciting opportunity to attack healthcare facilities that will soon be creating a massive amount of patient records in order to keep track of those receiving vaccines. And care facilities have always known this was a possibility. It’s why they invested in cybersecurity measures such as fortified medical grade computers and HIPAA-compliant messaging software. Unfortunately, healthcare providers aren’t the only target anymore . The vaccine cold chain — the part of the vaccine supply chain that deals with the storage and safe preservation of vaccines in temperature-controlled environments — has also begun whetting the appetites of criminals looking to exploit their next target.
Unfortunately, these cybercriminals work quickly. As early as September 2020, IBM Security’s threat intelligence task force, a task force dedicated to tracking COVID related cyber threats, observed phishing campaigns that targeted vaccine supply chain partners involved in the cold chain across six different countries.
What and Who is Being Targeted?
Article Guide
The entire vaccine supply chain — from researchers and syringe manufacturers to storage facilities and care facilities — is fair game for these criminals interested in exploiting the public when it’s at its most compromised.
Patient data is naturally one of the most valuable things still up for grabs. As patients repeatedly return to care facilities for multiple doses of the vaccine, care facilities are going to be sharing patient records amongst themselves with much more frequency than previously. This gives criminals more opportunities to attack and steal this data if it isn’t properly protected.
Those working at facilities involved in the vaccine cold chain have also started to see more cyberattacks targeted at them specifically now that their work credentials give criminals access to a life-saving vaccine whose administering is being carefully observed by the entire world. Nigel Thorpe, technical director at the SecureAge, even explains a nightmarish scenario where criminals could gain access to cold storage boxes of the vaccine and lock them away remotely until they receive ransom payments for the doses.
Healthcare facilities, thus, are no longer just looking at their own cybersecurity. They need to now also look at their vaccine supply chain and cold chain partners and ensure their collective cybersecurity efforts are up the snuff.
What You Can Do to Protect the Vaccine Supply Chain
So, now that healthcare is entering a new realm of cyber security – one that deals with multiple cold chain and distribution partners amidst skyrocketing patient record generation – there are a few recommended best practices to keep in mind. Some of these recommendations are tried and true ones that have been screamed from the rooftops for some time while others are more tailored to the current times.
Blockchain
Entering into a blockchain ledger with vaccine supply chain partners can help give staff a clearer view into all shared information and even provide more insight into when a cyber-attack is occurring.
Blockchain will allow all members who are part of a network to be notified if any changes are made to data shared on that network. Better yet, because these ledgers are run on a peer to peer network, all changes need to be approved by everyone who has access, meaning several more opportunities to confer and spot and quash a cyberattack before it reaches important data.
Multi Factor Authentication (MFA)
There’s never been a more fitting moment to double down on staff identity authentication. If you’re already using RFID scanners and badges, consider supplementing authentication efforts with a second piece of identity confirming hardware.
Something like a computer on wheels setup with biometric scanning capabilities built into the device can ensure that, in addition to a badge that can technically be scanned in by anyone, eye or fingerprint scans that can’t be replicated by criminals are also used as added insurance of a person’s identity. The right manufacturer can even have these peripheral scanners built into a computer that runs on its own batteries and uses those internal power sources to power said peripherals, making the total on wheels workstation solution lighter and easier to transport across the care facility.
Single Sign On
Authentication solutions such as RFID and biometric scanners can provide both a security benefit of identity confirmation while also providing the added bonus of streamlining the login process (which has been commonly tied to nurse and physician EHR burnout). Thankfully, healthcare Single Sign On solutions can compound both of these benefits, further improving both security while also providing practical efficiency improvements.
SSO solutions such as Imprivata’s double check credentials on a separate server, confirming the identity of those logging in and also eliminating the need for repeated logins which can cut down on burnout-fueled cybersecurity slip ups. Used in conjunction with MFA and the RFID/biometrics we mentioned earlier these kinds of programs can provide a very potent barrier against criminals looking to steal valuable vaccine supply chain data.
Whether you decide to use SSO on desktop workstations, COWs, or medical tablets, be sure to invest in hardware that has been Imprivata certified to ensure your hardware and software solutions are compatible and provide the most effective defense.
Educate Staff on Recent Vaccine Supply Chain Attacks
The majority of cyber-attacks we’ve seen as a result of increased targeting of the vaccine cold chain have been phishing scams. More often than not, these scams took the form of emails that pretend to hold important information on vaccine distribution locked away behind a screen that asks healthcare professionals to input their login credentials.
With this in mind, educate staff on what a normal email from your team looks like and consider implementing a steadfast rule stating, “if it asks you to input credentials, delete the email and don’t click anything within it”. Many times, this is common sense, but staff is more stressed than ever and vaccine distribution is only going to increase workloads, anxiety and burnout and human error will likely increase as a result. It’s during these times that even common sense needs to be reiterated. Also inform staff they can always reach out to IBM Security’s task force’s US (1-888-241-9812) or global (+001 312-212-8034) hotline if they require immediate assistance.
The One Thing We Know is That Cyber-Attacks on the Vaccine Supply Chain are Increasing
Healthcare is in an unprecedented situation right now. We’re being hit with an unknown virus, we are in the midst of a care crisis that is seeing facilities unable to house patients, and we’re now beginning to distribute vaccines that have been developed and tested in record time. There is no telling what the future of COVID care and these vaccination programs hold. There is one thing, however, we do know: cyber-attacks will not slow down. They never have before, they didn’t during the height of the COVID pandemic, and it’s very likely that they won’t slow down in both the near and distant future. In order to meet your current cybersecurity needs and the very likely cybersecurity needs of your vaccine supply chain and cold chains in the future, the right hardware is absolutely paramount. For more information on how to incorporate that hardware seamlessly, contact an expert from Cybernet today.
The Who, What, When, and Why of Healthcare Industry Cybersecurity
March 26, 2020
Healthcare and cybersecurity have a very closely entwined relationship. The healthcare industry is filled to the brim with medical computers and EHR records housing valuable patient data. Cybercriminals are often…
0 Comments11 Minutes
How Hackable Are Modern Medical Devices?
August 27, 2019
Headlines all around the medical community are decrying connected medical devices and the inherent danger from hackers. But is there any truth to the concern? Should we be worried that nefarious keyboard cowboys are…
0 Comments9 Minutes
Ransomware Prevention & Mitigation in Healthcare
January 20, 2017
Ransomware is one of the most aggressive, damaging, adaptable and agile cyber attacks. It evolves fast; it is also easy to create; it scales well; it is easy money for the hackers. A 2016 survey by SentinelOne says 50%…
0 Comments10 Minutes
You Can't
Learn from a Pop-up
But we can deliver knowledge to your inbox!
We dive deep in the industry looking for new trends, technology, news, and updates. We're happy to share them with you.
Knowledge, News, and Industry Updates Right in Your Inbox
