AMA, AHA partner on COVID-19 cyber threats guidance for hospitals, physicians

As opportunistic attacks ramp up, the groups offer recommendations for VPNs and cloud-based services, coronavirus-themed phishing emails, telehealth deployments, and medical device security.
By Nathan Eddy
11:23 AM

The American Medical Association and the American Hospital Association have teamed up to help healthcare organizations respond to a rise in cyber threats exploiting the COVID-19 pandemic.


The two organizations have drawn particular attention to the risks posed by telehealth and remote work environments, and have published a paper that offers guidance to help healthcare organizations strengthen home- or hospital-based computers, networks and medical devices.

The paper recommends using a virtual private network and/or a cloud-based service to securely access the practice-management system and patient data and diagnostic images stored in electronic health records.

Additional considerations include the addition of enhanced email system security protocols such as advanced threat protection to detect malware based upon behavior and known indicators, and use of multi-factor authentication for all personal and business accounts.

The guide also includes recommendations for healthcare workers using smartphones, tablets and other mobile devices to access EHRs or to order medications (including the installation of antivirus software and ensuring that a home wireless network is protected with a strong password).

The report also noted that, because ransomware and phishing emails are being designed to look like reputable information from trusted sources, physician practices should exercise caution when clicking on links, opening email attachments, downloading files and installing new programs.

The guidance concludes with a section on medical device security precautions. The document notes that such devices vulnerabilities are often exploited by cyber adversaries.

In addition to ensuring proper access controls, password protection and encryption, the report recommends purging unnecessary patient information stored on medical devices. 


The coronavirus pandemic has put increasing strain on healthcare cyber security defenses as multiple organizations have recorded a spike in phishing scams and other types of threats targeting healthcare organizations.

Most recently, Penn Medicine CISO Dan Costantino offered his insights into the hospital's COVID-19 cybersecurity response, including efforts to securely roll out new telehealth offerings and the ongoing need to be nimble and accommodating to the needs of clinical staff on the front lines.

Major technology companies are lending a helping hand as well, including Microsoft, which has extended its AccountGuard service to healthcare organizations for the duration of the pandemic.

The cybersecurity program will be made available to hospitals, clinics, labs, frontline providers, device manufacturers and life sciences companies that are researching treatments.


"Amid increased reports of malicious cyber activity, some physicians and care teams are working from their homes and relying on technologies to support physical distancing measures while ensuring availability of care to those who need it," said AMA president Dr. Patrice A. Harris.

"For physicians helping patients from their homes and using personal computers and mobile devices, the AMA and AHA have moved quickly to provide a resource with important steps to help keep a home office as resilient to viruses, malware and hackers as a medical practice or hospital."

Nathan Eddy is a healthcare and technology freelancer based in Berlin.
Email the writer:
Twitter: @dropdeaded209

More regional news

(Photo courtesy ChristianaCare)

Pain management therapy demonstration, Airrosti low-code EHR

Pain management therapy demonstration at Airrosti. (Credit: Airrosti)

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.