Feeling Cybersecure Yet? Cybersecurity for Telehealth Professionals

Please support Telehealth.org’s ability to deliver helpful news, opinions, and analyses by turning off your ad blocker.

HERE IS HOW

What is the Great Dispersion?

As a digital mega-trend that is difficult to ignore, the “Great Dispersion” refers to the sidestepping of traditional channels to have faster, more comprehensive, contactless, and more convenient delivery of products and services. This pattern is evident in healthcare with the expansion of digital health, where telehealth providers choose to continue working from home rather than returning to full-time employment in traditional healthcare settings. The Great Dispersion is evident where digital services drive an increasingly decentralized healthcare delivery.

Being Cybersecure in the Midst of the Great Dispersion

Virtual care sessions bring telehealth providers to patients who no longer are required to visit hospitals, clinics, agencies, or private offices for many services. While dispersion ensures greater affordability and personalization in healthcare services, it also provides a feeding ground for many challenges to telehealth security.

Telehealth faces additional cybersecurity challenges because patients, clients, and providers have their own devices, operating systems, information technology systems, apps, and system security protocols. Many clients and patients are also now “dispersed” and able to access care from their homes, which further increases vulnerability to privacy in the form of family and friends gaining access to communications of various types.

Great Dispersion & Lack of Centralized Healthcare Cybersecurity

The rapid move to the digital world has unraveled problematic issues over telehealth cybersecurity. In a Harvard Medical School report published in the American Medical Informatics Association Journal, researchers Mohammad Jalali, Adam Landman, and William Gordon reported heightened threats and substantial concerns over privacy and information security. Approximately 30% of telehealth providers have compromised their patient’s personal information during virtual sessions. The report calls for efforts to address healthcare cybersecurity risks and make the technology infrastructure resilient to deliver safe and effective virtual care.

The lack of a visible and effective centralized security control system opens potential entry points for information leaks, distributed denial-of-service attacks (DDoS), and ransomware attacks by hackers, cybercriminals, and other evildoers. From choosing inappropriate payment systems (see PayPal, Venmo & Zelle: HIPAA Compliant Payment Methods?) to HIPAA-compliant texting, email, or voicemail systems, to meeting HIPAA’s password protection requirements, many clinicians have fallen behind. 

Why Telehealth Providers Are Prone to Healthcare Cyberattacks

Given the growing number of healthcare cyberattacks, attention to telehealth cybersecurity is imperative. Unknown to many healthcare providers using technology, serious risks are present in many day-to-day activities conducted by the average practitioner. According to the Kaspersky survey, 29% of healthcare practitioners are likely to share medical information over email without a password.

Consider these additional facts discussed in the Kaspersky survey:

• Telehealth providers deal with sensitive health-related information that fetches a good amount of money for a hacker.
• Due to the pandemic, the rapid expansion of telemedicine has stretched telehealth providers, prioritizing patient care over securing their technological infrastructure.
• Cybercriminals have successfully procured hefty ransoms by breaking into digital healthcare networks and forcing servers down.
• According to the survey, cost considerations and compatibility issues drive 73% of healthcare providers to continue using digital equipment with an outdated operating system, making a healthcare cybersecurity system vulnerable to exploitation.
• More than half of telehealth consumers are concerned about insecure apps and other technologies used by telehealth providers.
• Most telehealth providers are still in the learning stage and have yet to adopt the best telehealth cybersecurity practices for safe and secure virtual care. 
• Practitioners could easily eliminate most of these risks if they took a few easily-implemented steps to make themselves cyber secure.

Healthcare Cybersecurity Suggestions

Healthcare providers, health IT staff, CEOs, and board members play essential roles in cybersecurity. Interventions need not be complex. Suggestions include:

• HIPAA requires a single party to be responsible for securing both internal and remote healthcare environments. This party is known as the “HIPAA privacy officer” and is sometimes is referred to as a chief privacy officer (CP ). This position must be identified in writing. With independent practitioners, the proper POC is the clinician. The role of the POC is to exercise a strict vigil over digital systems, maintain the best possible cyber hygiene, reinforce technological infrastructure, and identify and address security issues before they can lead to trouble.
• Telehealth providers should also consider cybersecurity training as they are at the frontline and can prevent security attacks.
• They can also educate clients and patients about different aspects of healthcare cybersecurity to ensure their protection.

Ultimately, it is up to healthcare delivery organizations and practitioners alike to ensure that their systems are safe, secure, and protect patient privacy. Balancing the significant privacy and information security concerns with the enormous potential benefits of virtual care during this pandemic will remain a vital component of the evolving response to COVID-19.

HIPAA Compliant Cybersecurity for Professionals

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Read More