Since COVID-19, much of the greater workforce is now operating remotely. Healthcare, in particular, has been rapidly deploying new technologies like telehealth and remote monitoring to manage patient surges. In the meantime, there's been a post-COVID-19 spike in malicious cyberattacks. Some of these attacks are even specifically designed to take advantage of people's fears amidst a crisis. For example, if someone clicks on what they think is an official coronavirus safety measure document when it's actually malware.
"[COVID-19] is an interesting time whereby bad actors will look to exploit people's fears, people's vulnerabilities, and this change of working," said Paul Mee, Partner in Oliver Wyman's Digital and Financial Services and Cyber Platform Lead and a computer scientist by education. "Some of my clients now get over a million attempts a day," said Paul, whose recent work at the firm focuses on how cyber risk is evolving as the novel coronavirus presses onward.
In this episode of the Oliver Wyman Health Podcast, Paul joins Charlie Hoban, Partner in Oliver Wyman's Health & Life Sciences practice, to discuss cybersecurity best practices for healthcare leaders operating in a never before seen pandemic mode. Below, hear our 18-minute conversation on the current state of the cybersecurity landscape, how to promote cyber mindfulness in the workforce, why this pandemic represents a prime opportunity for rogue actors, and more.
Memorable Moments From This Episode:
- "Healthcare records will sell for between 5 and 20 times the price of a credit card record on the dark web. ... You're more interesting than you think."
- "The information in the healthcare sector is broad and valuable. If I look at the value associated with a new drug, for example, its lifetime value can be $20 billion. If you can find out the ingredients and formula and processes associated with that drug, you can choose to counterfeit that, and then other countries will actively counterfeit that, too."
- "If you look at the airline industry, safety is paramount and it's in everyday conversations. Whenever I've shared lunches with airline pilots, engineers, and the crew of aircraft, some aspect of safety is always in the conversation. It's the way of talking. If you can do that to your organization and make sure those conversations happen without fear of blame, then you'll have a much stronger basis for cyberculture. This way, it's almost like you have a human firewall that helps you deal with cyber events and helps to prevent them from happening in the first place."
- "Right now, when we are very rapidly deploying new technologies, specifically around telehealth and remote monitoring, now's the time to be thinking about security and safety from the outset instead of after the fact. Otherwise, you're constantly defending. If you want true resilience, designing that kind of security from the start will put you on much stronger footing."