During the COVID-19 pandemic health care organizations became prime targets for cyberattacks. While health care providers turned their attention to providing critical medical care, patient health information remained an attractive target for cybercriminals. Beginning in October 2020, the Federal Bureau of Investigations (FBI) warned U.S. hospitals and health care providers of an increased and imminent cybercrime threat. U.S. Cybersecurity and Infrastructure Security Agency, U.S. Federal Bureau of Investigation, U.S. Department of Health and Human Services, Ransomware Activity Targeting the Healthcare and Public Health Sector (2020). This warning proved necessary. In March 2021, the FBI released its Internet Crime Report which showed a 300—400% increase in cyberattack complaints in 2020. See Maggie Miller, “FBI sees spike in cyber crime reports during coronavirus pandemic,” The Hill (April 16, 2020); U.S. Federal Bureau of Investigation, Internet Crime Report (2020). More than 20 million individuals were affected by the increased health industry data breaches between June 2020 and June 2021. See Hannah Mitchell, “11 data breaches affecting more than 1 million patients in last year: Trinity Health, Inova & more,” Becker’s Hospital Review (June 11, 2021). Not only are cyberattacks a dangerous threat to patient data and security, they also slow access to medical records which can have significant negative impact on the efficacy and timeliness of patient care.

This article will discuss three reasons for the increased vulnerability of health care organization during the COVID-19 pandemic and will share practical advice on how health care organizations can protect themselves against cyberattacks.