Although a new report suggests that the healthcare industry slightly improved its security posture this year compared to last, it warns that increased provider reliance on telehealth since the COVID-19 pandemic now presents a new slate of risks to patient data.
The report, released Thursday from SecurityScorecard and DarkOwl, found that telehealth systems have experienced an enormous increase in targeted attacks.
“The rapid pace at which telehealth applications were rolled out during the pandemic made them attractive targets for cybercriminals,” said Sam Kassoumeh, COO and cofounder of SecurityScorecard in a statement provided to Healthcare IT News.
“Our report findings illustrate that in order for the healthcare industry to protect patient and provider data, vetting and enforcing security protocols around new technology providers remains paramount,” he added.
WHY IT MATTERS
The COVID-19 pandemic presented a multitude of juicy opportunities for bad actors, ranging from phishing attempts fueled by fear of the crisis to patchy work-from-home security practices.
The SecurityScorecard/DarkOwl report, which examined more than 30,000 healthcare organizations from September 2019 to April 2020, notes that the reliance on telehealth amplifies risk as well.
By reviewing the 148 most-used telehealth vendors according to Becker’s Hospital Review, it logged increased danger to patient data across application security, endpoint security, IP reputation, patching cadence and – to a slightly lesser degree – network security.
“Patients connect with telehealth providers using web-based applications that include structured and unstructured data. With the exponential increase in use of these applications, cybercriminals targeted them more purposefully,” researchers wrote.
Between January and April 2020, DarkOwl researchers noticed a significant upward trend in the number of dark web and deep web results containing mentions of the top 20 telehealth companies.
“The starkest increase in mentions of telehealth keywords was observed from the second to the third week of March, when there was a 144% increase,” according to the report.
Report authors also flagged endpoint security – including medical devices and COVID diagnostic devices – as a major concern.
“These devices enable remote connections between patients and healthcare providers while reducing contact, ultimately helping to limit the spread of COVID-19,” they said. “However … they also create data security and privacy risks as malicious actors attempt to infiltrate the devices to obtain health information.”
IP-reputation vulnerabilities and patching-cadence vulnerabilities also saw an increase as part of the telehealth pivot.
The only area that saw a decrease in the number of vulnerability findings was DNS health.
“Recognizing that most telehealth services operate over unprotected networks, most organizations likely sought to mitigate the risks by securing their DNS health,” wrote the researchers.
THE LARGER TREND
Security experts have pointed to the sheer speed of the mass pivot to telehealth as a cause for concern, calling the COVID-19 crisis “blood in the water” for cybercriminals.
“Any time you make a change to an IT environment, you have the potential to increase risk,” said Andy Riley, executive director of security strategy at the managed-security-services vendor Nuspire, in an interview with Healthcare IT News. “When you introduce rapid change, that potential goes up rapidly.”
Other experts have said cybersecurity is key to fulfilling telehealth’s promise, with data breaches likely to undermine patient confidence in the modality to the degree that they switch physicians or stop using telemedicine altogether.
ON THE RECORD
“Although healthcare professionals may be protecting physical health by using telehealth services, they also need to ensure they are not putting data health at risk instead,” wrote the researchers in Thursday’s report.
“From a dark web perspective, DarkOwl has knowledge of multiple organizations that have been breached during the pandemic that would likely include patient data and/or diagnostic research,” they said. “DarkOwl has also noted an increase in the use of ransomware as a service in 2020 and throughout the pandemic, with the healthcare industry emerging as a notable dark web target.”