The massive expansion of telehealth services in response to the pandemic is likely to change the way bad actors target data.
A new report from Booz Allen Hamilton notes that telehealth security is a patient safety issue, considering the potentially catastrophic risks that come with service disruptions and device failures.
“Mass adoption of this technology will lead to new cybercrime focus, with an emphasis on stealing patient data to enable fraud, target health data in ransomware attacks, trick patients in social engineering schemes, and target remote patient monitoring devices,” wrote the report authors.
WHY IT MATTERS
The COVID-19 crisis triggered an enormous boom in the use of virtual care, aided by federal regulatory flexibilities.
“Large U.S. technology firms are moving into the telemedicine field, pushing platforms that integrate once disparate databases used for billing, scheduling, patient data, and that facilitate patient-provider collaboration,” the Booz Allen Hamilton report authors observed.
But with that boom, say experts, comes risk.
“The use of telehealth more widely will result primarily in cybercriminal activity targeting these systems or devices for monetary benefit,” according to the report.
“As home-deployed medical devices assume the risks of other internet-of-things (IoT) devices but transmit essential data used in medical diagnoses, they may pose the most significant risk for patients,” the researchers added.
The risks include billing fraud, ransomware, phishing and credential theft. To keep patient and employee data safe, the authors advised, organizations should build security considerations into every layer of the telehealth ecosystem.
Health systems should also evaluate the security policies of third-party vendors – some of whom may have been unprepared for the rapid shift to virtual care; implement robust user authentication measures and device security management; and instruct patients on how to properly configure and install RPM devices.
Booz Allen Hamilton also noted the role 5G availability will play in cybersecurity – important from a healthcare perspective given potential industry reliance on mobile hotspots and increased connectivity of smart medical devices.
THE LARGER TREND
This isn’t the first time the spike in telehealth use has been flagged as a potential security concern.
In September, a study from DarkOwl and SecurityScorecard called telemedicine the biggest threat to healthcare cybersecurity.
And earlier this year, experts told Healthcare IT News that the rapid rollout of virtual care solutions was like “blood in the water” for bad actors.
“Any time you make a change to an IT environment, you have the potential to increase risk,” said Andy Riley, executive director of security strategy at the managed-security-services vendor Nuspire, in an interview with HITN.
“When you introduce rapid change, that potential goes up rapidly,” Riley added.
ON THE RECORD
“The healthcare industry is at a critical inflection point, as connected care has the potential to transform the clinician and patient experience,” said Booz Allen Hamilton researchers. “However, the rapid expansion of telehealth services creates new risks for patient safety and enterprise security.
“Including the right information technology and information security representatives in the planning process and building in end-to-end cybersecurity measures are essential to take advantage of the current telehealth momentum while mitigating potential threats,” they said.