Is Telehealth Healthcare’s Biggest Cyber Threat?

Mike Wilkes, Chief Information Security Officer, SecurityScorecard

It’s time to get used to seeing your doctor from a digital screen, as virtual care is projected to expand well into the future. And while telehealth technology has proven to be highly beneficial in supporting the shift to virtual healthcare, it has also introduced a host of new vulnerabilities and opportunities for security breaches. Cybercriminals have always preyed on the healthcare industry, but with this virtual transition, the substantial increase in connectivity and network exposure has expanded the bullseye target for threat actors around the world. 

It is crucial that providers take control of their cybersecurity posture and secure their telehealth solutions from cyberattacks and risks.

The Rise of Telehealth

Telehealth has existed in some form ever since long-distance communication became possible around the turn of the 20th century, but it didn’t become well established until the 1960s and 70s, as a way to give rural populations access to healthcare. It comes as no surprise to most, however, to hear that the practice really took off during the COVID-19 pandemic when, due to lockdowns, health concerns, and healthcare mandates, demand for remote healthcare services increased sharply.

According to a July 2020 ASPE report, telehealth accounted for less than 1% of primary care visits in February prior to the pandemic, but by April 2020 it constituted nearly half. In all, the pandemic led to a 350-fold increase in telehealth visits from pre-pandemic levels. While the initial surge has dropped from its peak, telehealth visits demonstrated their value to patients and medical staff alike and are destined to remain much more common than they were prior to 2020.

Where the Threats are Coming From

Since telehealth relies on meeting and sending information electronically using computer networks and the public internet, information exchanged during these sessions (as well as the connected networks themselves) is more exposed to cyber threats. And while it may seem like an obvious idea to work to further secure healthcare networks, many of the vulnerabilities stem from the patient’s network devices.

Many telehealth patients connect to services through poorly secured devices and home networks, leading to endpoint vulnerabilities if the proper authentications and measures are not implemented. This larger attack surface opens the door for increased threats and attacks from all the usual suspects, such as phishing, malware, zero-day exploits, and DDoS attacks.

The sudden and rapid increase of telehealth services also acts as a beacon to bad actors, who are attracted to new technologies and roll-outs due to the potential for more blind spots or misconfigured security settings that they can take advantage of.

It’s not just the potential for vulnerabilities that makes telehealth an attractive target for attacks; the information that can be stolen in such attacks is also considered particularly valuable. Hacking healthcare networks provides potential access to personally identifiable information (PII), protected health information (PHI), and patient payment details, all of which can be used for identity theft.

How Big is the Threat?

Since the broad implementation of telehealth at the start of the pandemic, providers have seen the following:

– 117% increase in website/IP security alerts due to malware.

– 65% increase in security patching of known vulnerabilities.

– 56% increase in endpoint vulnerabilities that enable data theft.

– 42% increase in issues related to FTP, the network protocol that facilitates the transfer of information between client and server.

– 27% increase in issues related to RDP, the protocol that enables remote connections.

– 16% increase in web-based application security findings.

The report found that, while the overall healthcare sector saw a slight improvement in its security posture from September 2019 to April 2020, this improvement was offset by the surge in risk and vulnerabilities resulting from the telehealth explosion. 

Many healthcare organizations had to turn to telehealth quickly, which meant less time to properly vet vendors and enact appropriate security measures. Overall data suggest that cybercriminals opted to focus less on healthcare organization networks and began targeting telehealth vendors instead, due to the new opportunity they presented. This is further supported by the notable increase in mentions of telehealth companies in dark web records and sites.

Defending Telehealth and Patient Portals

It’s not too late to tie up loose ends and secure the telehealth industry, but it’s going to take work. Reducing threats and minimizing risk requires implementing robust, modern security solutions designed to shore up endpoints and authenticate identity. The following tools and techniques work toward those ends:

– Multi-Factor Authentication: By requiring two or more factors to verify identity at login, you make it that much harder for cybercriminals to gain access with stolen information or credentials. 

– Login Monitoring: Monitoring devices and logins can alert the security team if a login is attempted from an unrecognized device or if a device or account is associated with suspicious behavior. Tracking login behavioral patterns also makes it possible to distinguish between bot and human activity.

– Credential Screening: Instead of relying on a static list of compromised credentials, you should check credentials against a dynamic database to ensure immediate detection of unauthorized credential use.

– CAPTCHA Implementation: Deploying a CAPTCHA service helps reduce threats associated with riskier or repeated login attempts.

– Failed Login Limits: Setting a limit for the number of failed login attempts for a single account helps prevent brute force attacks and other attempts at compromising login credentials.
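
As an added illustration (not code from the article or from SecurityScorecard), the sketch below applies two of the controls above, Failed Login Limits and Login Monitoring, to a stream of patient-portal login events. The threshold, the time window, the event layout, and all account and device names are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Assumed policy, not from the article: lock after 5 failures within 10 minutes.
MAX_FAILURES = 5
WINDOW_SECONDS = 600

# Constructed sample data: devices already enrolled per portal account.
KNOWN_DEVICES = {"patient-a": {"phone-1"}, "patient-b": {"tablet-2"},
                 "patient-c": {"pc-3"}}

# Constructed events: (epoch_seconds, account, device_id, password_ok)
SAMPLE_EVENTS = (
    [(1000, "patient-a", "phone-1", True),      # known device: no alert
     (1060, "patient-a", "laptop-9", True)]     # new device: alert
    + [(2000 + 10 * i, "patient-b", "dev-x", False) for i in range(5)]
    + [(2050, "patient-b", "dev-x", True)]      # correct password after lockout
    + [(t, "patient-c", "pc-3", False) for t in (3000, 3100, 3200, 3300, 4000)]
)


def review_logins(events, known_devices):
    """Apply a failed-login limit and a device check; return (ts, account, alert)."""
    failures = defaultdict(deque)   # account -> timestamps of recent failures
    locked = set()
    alerts = []
    for ts, account, device, password_ok in sorted(events):
        if account in locked:
            # Once locked, even a correct password is refused until a reset.
            alerts.append((ts, account, "blocked_while_locked"))
            continue
        if not password_ok:
            recent = failures[account]
            recent.append(ts)
            while ts - recent[0] > WINDOW_SECONDS:   # drop failures outside window
                recent.popleft()
            if len(recent) >= MAX_FAILURES:
                locked.add(account)
                alerts.append((ts, account, "locked_failed_login_limit"))
            continue
        failures[account].clear()   # a successful login resets the counter
        if device not in known_devices.get(account, set()):
            # Enrolling the device (e.g. after an MFA challenge) is out of scope.
            alerts.append((ts, account, "unrecognized_device"))
    return alerts


if __name__ == "__main__":
    for alert in review_logins(SAMPLE_EVENTS, KNOWN_DEVICES):
        print(alert)
```

The fifth failure for patient-c falls outside the ten-minute window of the first four, so that account is not locked; a sliding window keeps occasional mistyped passwords from locking out legitimate patients.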

If telehealth and new healthcare technologies continue to have poor network security, we can expect that cybercriminals will continue to pay attention to this space, potentially putting patients’ lives at risk. It is crucial that providers take control of their cybersecurity posture and secure their telehealth solutions and service providers from cyberattacks and risks to best protect the security and identities of their patients in the future.


About Mike Wilkes 

Mike Wilkes is the Chief Information Security Officer (CISO) at SecurityScorecard. Wilkes is responsible for developing enterprise-wide security programs to protect corporate systems as well as growing and extending the SecurityScorecard platform to customers, executives, and boards of directors. Before joining SecurityScorecard, he was the VP, Information Security at ASCAP and the Director of Information Security, Enterprise Architecture, and DevOps teams for Marvel Entertainment.