Security

How to Keep Telehealth Secure

The National Cyber Security Alliance offers tips to protect patients’ trust in virtual care.

Twitter

Brian Eastwood is a freelance writer with more than 15 years of experience covering healthcare IT, healthcare delivery, enterprise IT, consumer technology, IT leadership and higher education.

Telehealth has been a lifeline for many healthcare organizations during the COVID-19 pandemic, but broader access to virtual care has also contributed to increased security challenges.

Cybercriminals have been exploiting the pandemic from the beginning. A report released last fall by SecurityScorecard and DarkOwl noted an increase of more than 140 percent in mentions of telehealth-related keywords on the dark web in the third week of March 2020. Potential vulnerabilities in these systems include poorly secured endpoints, networks and IP addresses, along with uninstalled patches.

What’s more, consumer videoconferencing applications are prone to hacks that compromise patient privacy, researchers from Harvard Medical School wrote in December 2020’s Journal of the American Medical Informatics Association.

The impact of this inadequate security is reduced trust in telehealth technology. According to a CynergisTek survey, 48 percent of patients are unlikely to use telehealth again if their personal health data is hacked. Amid COVID-19, this could lead patients to seek an in-person appointment or to skip care altogether — both of which could have a negative effect on patient outcomes.

“We’re not too far from a future where people decide which health systems to go to depending on who protects their information the best,” says Kelvin Coleman, executive director of the National Cyber Security Alliance, a public-private partnership that promotes cybersecurity and privacy education and awareness.

To prepare for this future while addressing current threats, Coleman recommends that health systems invest in three key areas: solutions, processes and people.

Secure Remote Devices and Network Access Tools

IT decision-makers need to ensure their organizations deploy tools with the appropriate levels of security, says Coleman. “You should be protecting the integrity of the processes they’re using to collect information.”

That takes on added importance as administrative and clinical staff continue to work remotely and patients continue to log on for virtual visits, he notes.

For example, remote monitoring devices should support regular software updates, which will ensure patches are installed and security gaps filled. In addition, medical devices, along with corporate laptops and smartphones, should connect only to protected Wi-Fi networks, while enterprise systems should require strong passwords and two-factor authentication.

Make Security a Top Priority in Your Healthcare Organization

Responding to physical threats is a core part of hospital operations, and addressing cybersecurity should be as well.

“It has to be seen as a priority for the organization, just like a mission statement,” Coleman says. “People should embrace cybersecurity as a part of corporate culture, and not just another box to check.”

Just as hospital employees are prepared to respond to a fire or work in inclement weather, they should also know how to proceed in the event of a data breach or ransomware attack. That means planning for cybersecurity response can’t be limited to policies only, says Coleman; plans also need to include training processes, such as whom to report a malicious link to, how to check security settings and how to run a virus scan.

Healthcare Staff Have a Key Role in Risk Reduction

Investing in people involves more than just hiring the best and brightest. It also requires motivating employees to stay abreast of major threats and take simple steps to avoid them, Coleman says.

Organizations also need to understand that recent shifts in remote work, online learning and virtual care have made people more aware of how to safely use emerging technology, he adds. “We’re all adapting to new technology due to COVID-19, and we’re not going back anytime soon.”

Simpson33/Getty Images