COVID-19 and Cybersecurity?

Just a couple of months ago, no one outside of China knew anything about the nova coronavirus, now dubbed COVID-19. Back then, much of the healthcare press was focused on the ongoing pace of change, and specific issues like cybersecurity, and the ransomware epidemic. To be fair, there is so much activity on the cyber-war front, it's easy to get consumed by it and ultimately paranoid.

It's the panic and paranoia surrounding both Covid-19 and cyber issues like ransomware that create part of the problem. I'm sure most healthcare organizations are fielding countless calls each day about Covid-19, and what people can do about it. Without question, we need to be prepared. As a healthcare organization, you need to have a game plan, preferably a policy on how your organization will confront this threat. The truth is, both Covid-19 and ransomware can be lethal - the first to your patients, the second to your organization. However, the likelihood of either event taking you out is still statistically low. Let's take the 2009 outbreak of H1N1, aka swine flu, as an example. According to the CDC, that pandemic infected 20 million Americans in 2019 and resulted in 4,000 deaths. Globally, the estimate is it may have killed as many as 500 million people. As bad as that was, we didn't see the level of hysteria we are seeing now.

So the reality of these two challenges is exceeded by the hype and hyperbole surrounding them. Now, I am NOT diminishing the significance of either threat. I'm merely pointing out the crowd mentality hysteria surrounding both events will likely do more damage than the afflictions themselves. It's highly probable as I write this that Covid-19 will soon formally receive pandemic status by WHO. It's also probable that large group gatherings, like trade shows, sporting events, and conventions, will see a drastic pullback in attendance, that's if they're not outright canceled first. The ripple effect of this panic will have a devastating impact on our economy, and that's the larger concern.

It simply makes sense to keep a level head about the realities of the events ahead and be prepared for the worst. And that's the same advice I give our clients about cybersecurity. You can't ignore the threat, but you can't be so paranoid that you hinder your ability to conduct your business. 

So as your staff is fielding calls and questions about Covid-19, we are all better off remaining pragmatic in our responses.

Of course, my hope is we're able to contain the spread of this virus, but in the event we fail (and we possibly already have), then acknowledging the reality of the statistical mortality rates of the infection should help us keep things in perspective. That said, I'm concerned. I'm concerned we are going to panic ourselves into an economic crisis in addition to a real pandemic. I'm concerned that much of the information we have on Covid-19 comes from the Chinese government, including the 2% mortality rate. As of this morning, March 3rd, there are 106 known cases in the US. We've had 6 deaths and 7 recoveries. You don't have to be a math major to see that our mortality rate exceeds 2%. The current mortality rate globally and in China is actually over 3%. For a look at the current statistics, Johns Hopkins University is providing an up to date heat map - https://systems.jhu.edu/research/public-health/ncov/.


If you have any questions or if you are concerned about your organization's cybersecurity, give us a call at (800) 970-0402. We'll be happy to help.


For more HIPAA information, download our ebook - The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.