Nilesh Chandra, healthcare expert at PA Consulting, comments on telehealth cybersecurity risks.
The article notes that as telehealth usage has skyrocketed during the COVID-19 pandemic, cyberattacks, fraud and abuse have emerged as threats to its future growth.
The U.S. Department of Health and Human Services temporarily relaxed regulations in March so that providers could reach out to patients more easily through services such as Apple Inc.'s FaceTime or Skype Inc.'s video conferencing platform.
This change helped accelerate telehealth's growth during the pandemic, according to Nilesh. However, the relaxed regulations should prompt doctors and patients to be more careful in consultations since it is possible that bad actors could interrupt sessions and gain access to private patient information.
A Sept. 10 report released by cybersecurity firm SecurityScorecard Inc. and darknet content monitor DarkOwl LLC showed that between the second and third weeks of March, when the pandemic was accelerating in the U.S., searches on the dark web for telehealth company names and key words — like Teladoc Health Inc., Doctor on Demand Inc., Amwell and PlushCare Inc. — climbed 144%.
Telehealth companies saw a 117% surge in IP reputation security alerts caused by malware infections from phishing attempts or other cyberattacks, according to the report. Meanwhile, the healthcare industry overall saw a 77% decrease in these same incidents, suggesting steps have been taken to reduce risk.
Nilesh said that a more likely and more dangerous cybersecurity risk, however, is a ransomware attack or system breach within healthcare systems. "In those sorts of situations, a lot more data is exposed and a lot more patients are impacted versus in a one-on-one setting between one doctor and patient."
Universal Health Services Inc., one of the largest healthcare providers in the U.S., was forced to shut down its IT applications in the country after a cybersecurity incident Sept. 27. In June, a representative from Providence St. Joseph Health told S&P Global Market Intelligence that external attacks and phishing attempts on its system had risen 50% since the pandemic started.
Data breaches and cyberattacks can result in stolen patient information and compromised internal IT systems, but companies can also be on the hook for steep penalties if they act negligently or do not appropriately protect their systems.
Telehealth – evolving the way we receive care