How Cybersecurity Supports Patient Safety and Reliability of Care During a Pandemic

“Cybercriminals never let a crisis go to waste,” reveals Vugar Zeynalov, Cleveland Clinic’s Chief Information Security Officer. “Cybercrime has dramatically increased during the pandemic, emphasizing the role of cybersecurity in not only protecting our data but also enabling our core mission of caring for people.”

“Healthcare workers are physically and emotionally exhausted, and many health systems had to completely transform their technology system to accommodate significantly higher volumes of remote care,” Zeynalov explains. “Cybercriminals see these as opportunities to disrupt and extort health systems that are already struggling.”

First Priority: Patient and Caregiver Safety

What role does cybersecurity—typically tasked with protecting data—play in keeping people healthy during a pandemic? As it turns out, a critical one. Cleveland Clinic’s Cybersecurity team expanded programs during the pandemic to enable patients and caregivers to connect virtually, specifically telehealth, remote access, and peer collaboration. Providing safe telehealth and videoconferencing platforms allows patients to seek care in a safe environment and enables caregivers to help more people while minimizing their risk. During the pandemic, Cleveland Clinic was facilitating 26 times the number of virtual visits than it was before the pandemic. The pandemic led to the largest remote work experiment in history as organizations tried to keep their employees safe. As interactions have become increasingly digital and employees connect work computers to their home networks, Cybersecurity helped extend the trusted and resilient digital platforms into people’s homes.

Cybersecurity Operations Center: Defending the Hospital

Cleveland Clinic’s Cybersecurity Operations Center (CSOC) is the nerve center for coordinating and dispatching cybersecurity activities for the Clinic’s hospitals, institutes, and more than 200 facilities worldwide. “The center is co-located with our Global Security Operations so that we can share information and coordinate physical and digital responses to potential incidents,” says Zeynalov. “Live feeds from all our security tools integrate with streaming threat intelligence from our industry partners, law enforcement, and threat analysis services so that we can identify threats early and respond swiftly.”

With 24/7 staffing, the CSOC is prepared to launch an immediate response to a potential cyber event. The center also hosts regular incident response exercises and tabletop events with participants from across the enterprise to ensure safety and reliability of care during an event.

The CSOC is an essential line of defense as cyber criminals use the pandemic as a pretext to conduct their malicious operations. Last year the CSOC saw:

• 7% increase in malicious websites.
• 5% increase in malicious emails.
• 1% increase in malware attempts.
• 9% increase in network attacks.

Training and Awareness: Preparing Caregiver

“Traditionally, cybersecurity professionals have said that the most vulnerable element of any system is the human element. However, a well-trained caregiver can be the most versatile line of defense,” Zeynalov explains. “If the caregiver detects something suspicious and reports it, we can act quickly to mitigate the risk. People are great at noticing subtle clues and adapting, which allows them to protect what machines can’t.” Because of this, our cybersecurity team spends considerable time building awareness and educating caregivers about how cyber risk can present itself in their specific roles.

According to Zeynalov, there has been an increase in espionage efforts aimed at coronavirus vaccine research. In addition, fake COVID-19-themed phishing emails, phone calls and text messages are being used to lure victims to visit websites with payment scams and malicious software — all designed to exploit human traits, such as concern and curiosity.

From the beginning of the pandemic, the Cleveland Clinic communications team has been vigilant in curating accurate news and information related to COVID-19. “By providing trustworthy information, Cleveland Clinic is helping its caregivers and patients navigate the complexities of these difficult times while reducing their risk of falling victim to a cyber scam,” says Zeynalov.

Fostering Resiliency: Preparing the Organization

Not every cyber threat is preventable. While it’s impossible to predict how a cyber event may unfold, Cleveland Clinic relies on three core pillars to help it recover from a cyber incident or other business interruption that impacts patient care:

1. Organize a plan: The CSOC has detailed playbooks for the most common incident types. These playbooks outline instructions so that everyone can stay calm and focused on the most critical elements — even at the peak of a crisis. An important part of these playbooks involves knowing which parts of the IT infrastructure can be shut down to protect it during a security event. “Because people’s lives are relying on our technology, we can’t just blindly shut everything down,” relates Zeynalov. “We have detailed information about our medical devices so we know which ones can be shut down safely or quarantined during an event.”
2. Restore to known good points: The Cybersecurity business resiliency team helps business leaders and technology owners across the enterprise:
   • Understand how technology is integrated into their processes and the impacts of potential outages.
   • Design backup plans that include what to backup, how frequently, and where to store it so that we “known good” points to fall back to.
   • Develop contingency plans that detail how to continue operations while technology recovery is underway.
3. Promote cross-functional awareness: “During a major cyber event, everyone has a role to play in continuing to provide our patients with the level of care expected at Cleveland Clinic,” explains Zeynalov. “We encourage people in every part of the healthcare delivery system to apply principles of high reliability organizations to help healthcare organizations improve the safety, quality and experience of patients and caregivers in a digital world.”

While cybercriminals used the pandemic to bolster their targeting of healthcare systems, Cleveland Clinic’s cybersecurity program heeded the call to support patients in a time of great need and caregivers as they battled on the front lines. The pandemic highlighted how important the next frontier of care delivery is; technology can rapidly expand our reach through non-traditional channels that enhance safety and convenience for patients and caregivers. Cybersecurity is how we ensure those technologies are highly reliable so that we are prepared to deliver outstanding care in any situation.