The State of Telehealth and Cybersecurity In 2021
What Does Telehealth Bring to the Table?
Telehealth is the all-encompassing service that brings all other forms of tele-applications in the healthcare industry under the same umbrella. Telehealth deals with everything from the provision of patient information and care to the remote monitoring of vital signs and deployment of healthcare practitioners to cases where physical presence is important.
The telehealth applications have grown massively to include everything from diagnosing the patient, providing information about their health or related conditions to getting them to the nearest possible healthcare provider.
This cuts back on the waiting time that patients used to have to endure in the hospitals and clinics, helping them to get better and faster access to healthcare solutions. For the doctors and other healthcare practitioners, telehealth also provides a more flexible way of working for them, eliminating burnout and improving the satisfaction that comes with their roles.
In short, telehealth has leveraged technology as a bridge between ready medical services and the huge market demand for such.
What Technologies does Telehealth Leverage?
Understanding the various forms of technology involved in the telehealth industry is crucial to protecting against the breaches and attacks that can occur in the niche.
Of the most common ones, we have the following pieces of tech:
Smartphones
The rate of smartphone adoption is exploding, so it makes sense that they are at the top of this list.
It is estimated that some 77% of Americans own a smartphone, which has to be one of the largest percentages in the world. Even at that, the regions with a relatively low adoption still have a good number to write home about.
With that number in play, it is a no-brainer to develop telehealth tools that could be used and deployed right from the mobile phone. Dubbed mHealth, these various applications are geared towards:
Helping patients track their vital signs by themselves
Taking and recording patient measurements for better reporting when seeing a doctor
Accessing healthcare services around.
Some of the apps that have been developed in the mHealth scene have been targeted towards all of:
Tracking pregnancy stages and providing information on what to do
Managing sugar intake for diabetic patients
Recording activity levels for obese/ overweight patients
Tracking calorie and other food intake metrics
Following period flow times, and much more.
Remote Patient Monitoring (RPM)
We have more patients than we have doctors and healthcare practitioners and it seems that the number is only going to keep soaring.
That might make it impossible for the healthcare attendant to deliver the top quality of care to the patient at the granular level that they will need to execute operations.
After all, the time a doctor would spend on call checking on a patient could be better spent with a new patient that just walked in.
This unique situation gives room for a new way to manage the patients better without using up too much of the doctor’s time. That is where RPM systems come into play.
Depending on the condition/ unique case of the patient, these RPMs can be configured to do different things.
From wearables that remind patients to weigh themselves at different times to other medical devices prompting them to take their insulin injections, the possibilities are endless.
It gets better:
The devices can also prompt the patients to administer self-test kits and collect personal data that will help them when next they go in for a check-up. Instead of bothering the healthcare facilities with all of that, the patient can now show up with relevant data to get even better, personalized healthcare.
Store and Forward
In some instances, the doctors and other healthcare specialists needed in the same case are not in the same location.
Rather than wait for the other parties to be in the same room before patient care can be delivered, store and forward systems get the job done. In other words, it is like Google Docs for the healthcare facilities which allows different talents to collaborate on the project at the same time.
CAT Scans, patient reports, X-rays, and such other data can be captured and sent through the store and forward system. The other authorized parties get access, evaluate the current situation and provide their professional opinion in real-time.
This saves travel time, resources and keeps the healthcare engine well oiled.
Teleconferencing
Why go into the hospital to see your doctor when you can set up a video conferencing session for them?
Cases like the pandemic should prepare us for the future where we don’t need foot traffic in a space to get things done. Solutions like teleconferencing are the best way to make that happen.
From the comfort of wherever you are, you schedule a meeting with your doctor and get to see them in real-time. You go over all of the health concerns that you might have and they give you actionable advice on what to do.
This technology is also a better healthcare solution for those who do not naturally have access to healthcare from where they are. While the former case was one of convenience, this is one of necessity.
For example, military personnel that are deep in the jungle might not have the luxury of going to see a doctor. The same is true for inmates or dwellers in rural areas. Enter teleconferencing and all those problems become something of the past.
Cyber Risks Facing Telehealth Devices
Only speaking on some of the various telehealth devices shows us how important they are to the patient care of now and the future.
It is, however, saddening to note that hackers are always after these systems for the data that they can mine.
Between the years 2019 and 2020 alone, there was a massive 55% surge in healthcare breaches and attempts in the US alone. How do these happen – and what ways do the hackers employ to get into these otherwise locked down systems?
Older Technologies
Digital solutions have been here for the healthcare industry for some time now. It, however, took the COVID-19 pandemic to catalyze the adoption of those models.
Rushing into things that way meant that the healthcare facilities had to rely on their old hardware and software to run the current applications.
That would not have been a huge source of concern on its own if these did not make the work easier for hackers.
Advancements happen in technology not to give us shiny new things, but to show us how better things can get. The same is true for older and newer tech where things can get better in the way of security that we enjoy on them. This is the reason why manufacturers update their software to patch vulnerabilities and exploits too.
Multiple Gateways
The more users on a platform, the easier it gets for hackers to gain access.
It is a classic tale of ‘a chain is only as strong as its weakest link’ all over again.
Some telehealth facilities can be accessed by both the healthcare providers and the patients themselves. This means that hackers have multiple points of entry into such systems.
Even if the healthcare facility is locked down against attacks, chances are that the patients are not taking the same level of precautions. Thus, they become the weak link in the entire system.
Ransomware Attacks
Before the recent COVID-19 pandemic, the healthcare industry has been suffering a pandemic of its own – ransomware.
Threat actors going after healthcare with this attack leverage the fact that the organization needs 24/7 access to patient data to deliver its services right. Likewise, there is a high chance that they do not want to disclose the situation to their patients and the general public.
In both cases, it is certain that they pay the ransom.
This informed one of the regulations around healthcare providers to NEVER give in to ransomware attacks anymore. After all, that will only encourage these threat actors to continue in that format and hope to get paid big.
Ignorance
Strange as it may seem, ignorance is one of the biggest cyber risks that face the healthcare industry in multiple ways.
Here, there is enough of the ignorance blame to go around – and it is not supposed to be an excuse either.
To start with, most healthcare personnel are ignorant of how their simple acts could leave the door open for an attacker to do their thing. They focus so much more on executing their direct services (as healthcare practitioners) that they forget how much they are also responsible for the patient data on file.
On the other hand, patients also have a ‘default sense of security’ that hinders them from taking the right steps sometimes.
From thinking that their data is not worth anything to blatantly disregarding simple prompts to secure this data, the list is saturated.
Poor Encryption
Encryption alone could lock out a huge amount of the threats that this industry faces.
Both device and network encryption work hand in hand here.
At the initial height of the pandemic, Zoom bombing and other intrusions were common. Unauthorized users were getting access to private meetings, attending conferences where they had no business being and such.
The fault could be with the network (accessing telehealth services via free Wi-Fi networks, for example), from the device itself (using older tech as mentioned above), or from both sources.
No matter which it is, the fears remain the same.
Bulking Up Your Telehealth Security
Hackers are on the prowl. Likewise, security researchers maintain that at some point, technology will always fail. After all, there is always someone on the other end of the pipeline working hard enough to find exploits to game the system with.
However, that does not mean you cannot do anything about the situation.
For starters, try these:
Password Security
One of the biggest password myths is that they will soon be replaced by other forms of login.
We might have other forms of access already, but they are not threatening passwords at all. In fact, passwords remain one of the best security practices to employ today.
It is, thus, surprising to see how many treat their passwords as an afterthought.
From continuing to use the default passwords that come with their telehealth systems to reusing old passwords for the new accounts, the list of ill practices is almost endless.
Start by creating new passwords (use an online password generator for the best results) on all of your accounts. Secure the units with multi-factor authentication where possible too, so hackers cannot leverage a password breach alone to get access to your systems.
Secure your Network
Network encryption is a big issue in the telehealth industry.
While healthcare facilities themselves are beefing up their network security, the same cannot be said for everyone outside of the facility.
In the latter category, we have specialists working remotely and patients connecting to the telehealth platforms with non-secure networks.
No matter which side we are dealing with, using a VPN as a cybersecurity tool is one of the most underrated solutions here.
Besides other network encryption practices, the VPN model encrypts all data emanating from the network and prevents unauthorized access to such data.
Training
Members of staff need to be trained in not only their healthcare duties but how to combat cybersecurity also.
Many facilities have left this in the hands of their IT team alone. The fact is, hackers are not going after the guys in IT only but everyone connected to the healthcare facility. The sophisticated hackers know not to target the guys in IT at all so that they have a better shot at scoring a payday.
Cybersecurity experts should be brought in to teach the members of staff what they need to know about the different forms of attacks. From ransomware to phishing attacks, make sure all your bases are covered.
Creating Backups
As was mentioned somewhere in this piece, the healthcare industry needs unfettered access to the trove of its patient data if they are to function right.
In the case of a ransomware attack, that becomes impossible. Thus, healthcare providers are forced to cough up the ransom just to get their data back.
But there is a blind spot that you are not considering. Maybe two, even.
On the one hand, some ransomware actors get paid and never release the data anyway. On the other hand, they get paid – and they still copy the patient data to be sold on the black market.
The best way to beat such attacks is to have ready backups. If all else fails, that is.
In the instance of a ransomware attack, the system can be wiped from top to bottom (to lock the attackers out) and restored from backup.
Using New Technology
Cost is a barrier (an understandable one) for most healthcare industries when it comes to adding new tech to their systems.
However, consider this:
As of the end of the year 2020 alone, cyber breaches accounted for about a $6 trillion loss in the healthcare industry.
That is one pie that you do not want a slice of. It would be much better and cost-effective to simply embrace new tech now and reduce your chances of contributing to the breach.
Furthermore, just not any new tech is recommended.
Go for hardware and software manufacturers who have made a name and built credibility for themselves in the market. Maintaining such market status means that they push out updates and upgrades to keep their users safe against any attacks that might come their way.
Final Words
Unfortunately, we cannot stop hackers from trying to get their hands on patient data or attacking healthcare institutions for other reasons. What we can do is to slow them down in their tracks, nullify their threats and constantly be a step ahead.
Even for the times when they gain the upper hand, which is sometimes inevitable, there are provisions above for managing the situation better. Only by applying all that can you rest easier that you are not feeding the growing healthcare breach market nor putting your patient’s data at risk.
Now is a good time to start, and you’ll be grateful for it.
This post by Brad Smith appeared first on TurnOnVPN and is used with permission.
Brad Smith
About the Author
Brad Smith is a technology expert at TurnOnVPN, a non-profit promoting a safe and free internet for all. He writes about his dream for free internet and unravels the horror behind big techs.