Healthcare providers are seeing between 50 and 175 times (1) more patients via telehealth than before. Telehealth platforms* offer solutions for a wide array of different healthcare issues. An estimated 20 percent of all emergency room visits and 24 percent of routine office visits and outpatient volume could be delivered virtually via telehealth.
Telehealth is a win-win for providers and patients. It both increases the availability of care while also reducing costs. However, telemedicine does have intrinsic privacy and security risks that all providers must minimize to protect sensitive patient data.
The Inherent Vulnerability of Connectivity
Providers have been eager to adapt to this care delivery method, but many platforms do not meet HIPAA requirements and lack adequate data safeguards. The same connectivity that makes telehealth possible also creates threats to patients. Protecting patient health information (PHI) and providing remote services doesn’t fit together easily.
Any data transferred over the internet runs the risk of interception by threat actors, and healthcare has long been a preferred target for cybercriminals. In 2019, healthcare data breaches cost the industry over $4 billion (2).
This year is no exception with a further increase in ransomware (3) and other attacks that put millions of patients’ records in danger of exposure. These types of events have all happened within typically well-fortified hospital networks.
Connecting with patients via telehealth and transmitting biometric data via remote care devices only furthers these dangers. The biggest risk is that patients lack control of the collection, usage and sharing of their PHI.
For instance, remote monitoring devices built with sensors to detect falls may collect information on other activities patients wish to be kept private—including that their home is unoccupied at certain times and the types of activity they participate in. Even with security measures, any transfer does have a potential for a breach.
How to Prevent Security Risks in Telehealth
More secure telehealth begins by establishing best practices. Because of the sensitive information healthcare organizations possess, providers and the vendors they choose to work with must focus on core elements of data security through related tools and strategies such as:
1. Identity Authentication
Continuous identity authentication ensures authorized individuals have access to data. Identity authentication can be accomplished through a variety of approaches.
Multi-factor authentication, or the requirement of utilizing two pieces of evidence to sign in, is among the most common and has been proven effective in blocking 99.9 percent of all automated cyber-attacks.
Beyond this, users need to develop strong, unique passwords for, not just their telehealth platform accounts, but across their entire online logins and accounts.
2. Improve Telehealth Platform Safety
HIPAA requires that providers integrate encryption and other safeguards into their interactions with patients. However, patients’ devices on the receiving end of care often don’t have these safeguards while some medical devices have been shown to be vulnerable to hackers.
Ensuring the safety of all patient devices in the short term will be impossible. Thus, telehealth platforms must be as secure in themselves as possible. The software needs to be designed in a secure environment and contain numerous ways of establishing secure channels between patients and providers.
3. Investing in Patient Education
Outside of telehealth, cybersecurity ultimately relies on the end-user. As hackers continuously exploit new vulnerabilities, developers are in a constant race to keep up with new threats. Cybersecurity is only as strong as its weakest link. Secure telehealth apps must be complemented by other measures.
For this reason, healthcare providers should educate patients about cybersecurity and the steps they should take to improve the overall safety of their interactions online by:
● Educating patients about the telehealth security threats;
● Using a VPN both during telehealth services and for general device usage;
● Frequently updating all apps and operating systems, not just telehealth platforms;
● Enabling anti-malware and virus scans to run at all times;
● Restricting app permissions to what’s necessary for app functionality only; and
● Recognizing social engineering and other types of cyber-attacks.
How to Minimize Telehealth Security Risks
The one word providers must focus on when implementing telehealth is encryption. It needs to be everywhere. Since data is vulnerable in all stages of its life cycle, including during storage, transmission and access, encryption must be built into every step of this process.
Concerns about the privacy and security of these systems should not adversely affect people’s trust in telehealth. The benefits outweigh the risks. But providers must embrace more rigorous standards and minimize threats to ensure telehealth can deliver on its promises and live up to its potential.
Sources:
- https://www.mckinsey.com/industries/healthcare-systems-and-services/our-insights/telehealth-a-quarter-trillion-dollar-post-covid-19-reality
- https://healthitsecurity.com/news/data-breaches-will-cost-healthcare-4b-in-2019-threats-outpace-tech#:~:text=November%2005%2C%202019%20%2D%20Healthcare%20data,per%20each%20breach%20patient%20record.
- https://www.securitymagazine.com/articles/92575-increase-in-reports-of-ransomware-attacks-on-health-care-entities
- https://www.microsoft.com/security/blog/2019/08/20/one-simple-action-you-can-take-to-prevent-99-9-percent-of-account-attacks/
