We’re aware of the dangers of unprotected personal information circulating online. But we must be more than aware. It’s vital that we also consider the security of a far more important and private type of information: our health records.
The healthcare industry spends an average of $7 million for each data breach. Cybercrime in healthcare cost victims approximately $30 million in 2020. With almost 86% of physicians employing digital EMRs, it’s more important than ever to protect your organization’s health records.
Let’s explore the latest on telehealth and cybersecurity and what they mean for healthcare providers and patients.
Reviewing recent updates on communication and risk
Last year saw loosened restrictions on the use of common communication apps in healthcare. These include FaceTime, Google Hangouts, Zoom, Skype, and Facebook Messenger. But it’s important to consider that data breaches and cyber attacks against social media outlets are worryingly common. Facebook alone was fending off over 600,000 cyberattacks a day 10 years ago. In 2018, as many as 50 million accounts were compromised by cybercriminals.
While telehealth’s evolution increased access to medical services during COVID-19 lockdowns – and was especially impactful for high-risk individuals – it also introduced another layer of security uncertainty.
Consider this: recent research showed that third-party apps and aggregators “that pull data from electronic health record systems may be vulnerable to hacks, putting millions of patient and clinician records at risk.” After testing 3 APIs serving a network of 48 mobile apps and APIs that use the Fast Healthcare Interoperability Resources (FHIR) standard for healthcare data, cybersecurity expert Alissa Knight:
- gained access to more than 4 million patient and clinician records with a single patient login account
- gained access to patient records from other apps on their platform
- noted that the “issues were found because of a lack of harmony and secure co-development with the integrators and the app developers”
Knight was met with harsh backlash, particularly about the importance of the FHIR standard. But she pointed out that “the vulnerabilities were in the implementation, not the FHIR standard itself.”
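One implementation-level control that bears on a single patient login reaching other patients' records is object-level authorization on every FHIR read. The sketch below is an added example, not code from the research or from any vendor; the token layout, sample records and helper names are assumptions, modelled on SMART on FHIR patient-context scopes.

```python
# Added illustration: object-level authorization for FHIR reads.
# Token layout and helper names are assumptions, modelled on SMART on FHIR
# patient-context scopes ("patient/Observation.read", "patient/*.read").

# Elements that tie a resource to a patient (small subset, for illustration).
PATIENT_LINKS = {
    "Observation": "subject",
    "Condition": "subject",
    "MedicationRequest": "subject",
    "AllergyIntolerance": "patient",
}


def scope_allows(scopes, resource_type, action="read"):
    """True if a patient-level scope grants `action` on `resource_type`."""
    wanted = {f"patient/{resource_type}.{action}", f"patient/*.{action}",
              f"patient/{resource_type}.*", "patient/*.*"}
    return bool(wanted & set(scopes))


def owner_of(resource):
    """Return the patient id a resource belongs to, or None if unknown."""
    rtype = resource.get("resourceType")
    if rtype == "Patient":
        return resource.get("id")
    ref = (resource.get(PATIENT_LINKS.get(rtype, ""), {}) or {}).get("reference", "")
    # Only relative "Patient/<id>" references are accepted; anything else is unknown.
    return ref.split("/", 1)[1] if ref.startswith("Patient/") else None


def authorize_read(token, resource):
    """Deny unless the scope covers the type AND the record is the caller's own."""
    if not scope_allows(token.get("scope", "").split(), resource.get("resourceType")):
        return False
    owner = owner_of(resource)
    # Fail closed: unknown ownership is treated as "not yours".
    return owner is not None and owner == token.get("patient")


# Constructed sample data.
TOKEN = {"patient": "pat-001", "scope": "patient/Observation.read patient/Patient.read"}
OWN = {"resourceType": "Observation", "id": "o1", "subject": {"reference": "Patient/pat-001"}}
OTHER = {"resourceType": "Observation", "id": "o2", "subject": {"reference": "Patient/pat-002"}}
UNSCOPED = {"resourceType": "Condition", "id": "c1", "subject": {"reference": "Patient/pat-001"}}

if __name__ == "__main__":
    for res in (OWN, OTHER, UNSCOPED):
        print(res["id"], authorize_read(TOKEN, res))
```

The same check belongs on search results and bundle entries, not only on single-resource reads, so that every returned record is filtered against the caller's patient context.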
We know that telehealth is an easy target for cybercrime. The Healthcare and Public Health Sector Coordinating Council notes this is due to:
- vulnerabilities associated with data traversing network/Internet access
- telehealth communication needs to travel outside of controllable environments
- PII and PHI can command a high price on the black market
- 325,000 mobile health apps are currently in existence
- the global medical device connectivity market is expected to exceed $2.5B by 2024
So organizations must move forward in maximizing the benefits of telehealth by adhering to the regulations and procedures that protect patient privacy and confidentiality. They must also partner with cyber experts who can meet them where they are in cyber hygiene and then take bold steps to expand protection as risks evolve.
Assessing secure devices
While your healthcare organization uses devices for telehealth that are adequately protected, its patients’ devices may not be. They need to be protected from data breaches that can impact not only a patient’s device but also a provider’s device.
In addition, a patient’s network should be properly secured. To better protect all parties, organizations may install technical safeguards such as firewalls and intrusion detection systems (IDS) on all provider-owned telehealth devices.
Managing new vulnerabilities with in-home care
The uptick in in-home care and telehealth has been a boon for medical accessibility – and lurking data thieves. With the adoption of new technology and an aging patient population, new challenges are frequently arising in regard to patient information security and privacy.
Such care options may “enhance the patient’s and caregiver’s experience, extend the reach of home health providers, and improve connectivity with the broader care team.” However, the same standard of care for in-person visits applies for telehealth visits. That necessitates “investing in IT personnel” to provide a safeguarded telehealth infrastructure.
Taking stock of weak cyber defenses
It’s not news that medical data is worth big bucks around the globe. While legal regulations require data brokers to anonymize collected information before selling, unscrupulous practices and advances in data mining increasingly make this promise of anonymity a fantasy.
Opportunistic data brokers may even use memory devices like USBs to upload gigabytes of patient data from unattended or stolen devices or by exploiting weaknesses in healthcare providers’ digital architecture.
The most important fact to understand about telehealth cyber threats is that they aren’t going anywhere. Experts say there will be a cyberattack every 11 seconds this year, almost doubling attacks in 2019.
Unfortunately, with telehealth options surging in popularity and the value of patient data forecast to skyrocket to over $345 billion over the next five years, the size, scope, and frequency of cyberattacks will only increase in the years to come.
Tips to improve telehealth cybersecurity
While patients should familiarize themselves with the best practices to protect their own data, the responsibility largely falls on hospitals, physicians, and other healthcare organizations to ensure patient data is kept secure.
Unified endpoint management systems are a great option for securing a diverse network with multiple devices in use. Other strategies worth consideration include:
- limiting network access
- encrypting sensitive data
- implementing multi-factor authentication when accessing patient information or correspondence
- ensuring all applications in use are HIPAA-compliant
Implementing these strategies will significantly boost digital security, inspiring trust and confidence in patients in an uncertain time for medical privacy.