Why Telehealth Needs to Tighten Cybersecurity Measures

Some experts warn that the ongoing pandemic is not an unprecedented event. Historically, there have been numerous infectious diseases that have swept the globe. And though it may not be within the next few decades or century, another global pandemic is possible after COVID-19 has been quelled.

The pandemic has put the health care system under tremendous strain. One method to combat this strain was the accelerated uptake of digital technologies to deliver healthcare services on a remote basis, or what is known as telehealth. Telehealth provides physical safety for healthcare providers and patients, given that they don’t have to risk exposure to facilities overloaded with COVID-19 cases. However, with the increased dependence on cyber tools, the healthcare system is at a heightened risk of cyberattacks. Though both telehealth services and cyberattacks were present long before the pandemic, the heightened use of online platforms has magnified the risk factor.

How the pandemic increased telehealth cybersecurity risk

The digital landscape is rife with cyber threats as businesses shifted to online transactions. According to a study by the University of Maryland, hackers execute cyber-attacks 2,244 times a day on average 1 — that’s one attempt every 39 seconds. As the healthcare sector continues to expand access to telehealth offerings, research from SecurityScorecard and Dark Owl underscore that telehealth has clearly become a major target for cybercriminals. The researchers found increases in several risk vectors including IP reputation alerts (117%), issues involving patches (65%), and endpoint alerts (56%). There was also a surge in mentions of telehealth apps and credentials on the dark web, potentially indicating that there is currently a high demand for illegally acquired medical data. 2

Karen Schechter, director and assistant professor of Maryville University’s online health administration program 3, says that the problem with telehealth cybersecurity is the rapid migration to these technologies. Cybersecurity was already an issue for healthcare, and it’s happening again with the accelerated adoption of healthcare technologies this year. Schecther goes on to explain that many healthcare organizations are unable to keep up with digital shifts such as this one. Smaller and individual providers are especially impacted due to several constraints such as lack of financial resources and lack of relevant training among employees. The lack of training, in particular, is challenging to navigate, as many healthcare systems simply do not have the expertise to effectively carry out cybersecurity measures. These gaps result in many cybersecurity holes, which malicious actors attempt to infiltrate.

How data breaches affect organizations and individuals

Data breaches are without-a-doubt a severe risk for healthcare providers and their patients. Organizations that suffer from cybersecurity incidents have to do damage control. This can be in the form of stopping all operations until the system is secured again, tracing the extent of the damage and repairing it, and compensating those who are affected by a security breach. All of these can be very costly. Even the act of notifying affected parties can set healthcare facilities back thousands of dollars. The costs of repairing the organization’s reputation alone is a huge expense. A report by the American Journal of Managed Care indicated that hospitals spend 64% more on advertising the following two years after a data breach. 5

For individuals, the damage could be more extreme and difficult to repair. The illegal selling of medical information has become more lucrative than selling credit card information, based on findings published by HealthTech Magazine. 6 Healthcare data can sell up to $1,000 online and malicious actors can do so much more with highly detailed information. For example, they can extort money from their targets who don’t want to reveal medical conditions, such as sexually transmitted diseases. Criminals also use personal information to obtain loans and commit other fraudulent activities, which can damage a person’s life for many years to come.

Given these broad concerns, telehealth cybersecurity risks must be taken even more seriously, especially now that telehealth is becoming more normalized. Healthcare providers, specifically those that offer remote services, must heavily invest in telehealth cybersecurity measures to protect their data as well as their patients’.

Post solely for the use of maizeanalytics.com By Jewelyn Burke

1. https://eng.umd.edu/news/story/study-hackers-attack-every-39-seconds
2. https://www.darkreading.com/attacks-breaches/cyber-risks-explode-with-move-to-telehealth-services/d/d-id/1338890
3. https://online.maryville.edu/online-masters-degrees/health-administration/
4. https://www.yahoo.com/lifestyle/unsecured-medical-images-underrated-threat-220857561.html
5. https://www.maizeanalytics.com/hospitals-spend-more-after-data-breach-but-there-is-a-fix/
6. https://healthtechmagazine.net/article/2019/10/what-happens-stolen-healthcare-data-perfcon