Telemedicine Vulnerabilities Are a Dream Come True for Hackers
We have previously talked about the growing risks of data breaches in the healthcare industry. It is important to understand the growing risks that certain technological changes pose. According to one analysis, data breaches cost the healthcare sector $4 billion a year.
One of the biggest threats to healthcare security is telehealth. Hospital administrators and other healthcare professionals need to understand the security risks associated with telehealth services. This is essential to protect patient data and avoid HIPAA violations.
The Evolution of Telehealth Creates New Cybersecurity Risks
Telemedicine is the evaluation, diagnosis, and treatment of patients at a distance accomplished through telecommunications technology. During the COVID-19 health crisis, there was a dramatic increase in the use of telemedicine. The government added 135 services to the Medicare telehealth services list that could use telemedicine during the pandemic and promised not to pursue HIPPA violations in connection with the good faith delivery of telehealth services. The Assistant Secretary for Planning and Evaluation reported that telehealth adoption increased by nearly 50% in primary care during the peak of the pandemic. Additionally, nearly half of Medicare primary visits in April 2020 occurred through telehealth, as compared to only 0.1% in February.
How telemedicine looks and works has also changed dramatically over time. In the early days of telehealth, bulky medical equipment was used to monitor patients in primarily rural environments. Today, telehealth can be delivered through the use of much smaller and more accessible technology. However, this ease of delivery also makes telehealth systems potentially susceptible to hacking. Read on to learn about possible security risks of telemedicine and how you can protect yourself.
Technology Used by Hospitals and Medical Facilities with Telemedicine
Today, hospitals, doctors’ offices, and other medical facilities primarily use software, mobile apps, and video conferencing to deliver telehealth services. This basic technology allows doctors to have a face-to-face visit with a healthcare provider at a distance. The patient will also need to have basic technology, including webcams and microphones. Some technology has become a requirement with HIPAA, such as two-factor authentication.
Messages may also be sent through secured email. Patient portals and electronic health records allow patients to review their records. Doctors may use these records to consult with other healthcare providers about the patient or refer them to specialists. Cloud computing may store this information in secured servers. Technology used to deliver telehealth services continues to evolve as time goes on, including incorporating data from wearable technology
Is Patient/Doctor Confidentiality Broken by Telemedicine?
Patient/doctor confidentiality is not inherently broken by telemedicine. Doctors can use encrypted video solutions that comply with HIPAA. Patients who take their appointments in front of other people do break confidentiality, but they can easily avoid this by having their appointment in a private location.
Is Telemedicine Secured from Hackers?
Like any company that has access to confidential information about their customers or clients, medical facilities have the responsibility of securing this information. This requires them to use secure software, encryption, and other methods.
How Hacking May Occur in Telemedicine
Unfortunately, telemedicine creates a gold mine of data for hackers. Hackers may try to hack telemedicine systems to steal a patient’s private information, such as their Social Security number and other identifying information. They may also be able to obtain payment information from these records. Sometimes, hackers may even steal insurance information so that they can use it for their own health needs or commit health care frauds. Other criminals may try to steal private medical information about patients to sell it to companies or to blackmail celebrities or politicians. Ransomware may be used to lock up medical data unless the provider agrees to pay for its release.
The patient care analytics firm Protenus reported that hacking incidents increased by 48.6% in 2019 over 2018. More than 41 million patient records were breached in 2019. This coincides with the HIPAA Journal reports that data breaches of telehealth services have steadily increased since 2010. According to this source, 12.6% of the U.S. population have had their medical records exposed, disclosed without permission, or stolen. With the influx of telehealth services caused by COVID-19, there will likely be many more data breaches.
There are many ways that telehealth records can be compromised. Standard phishing attacks or the installation of malware on providers’ computers or other devices are common culprits. With more medical providers and staff working from home, there are possibly more access points and less secure networks. The apps that telehealth providers rely on can also be reverse engineered to steal data. Some telehealth software allows third parties to access data.
Signs Your Data Has Been Breached
Patients can watch out for the following signs that their private medical information may have been breached:
· You receive a medical bill from a doctor you did not see or for a procedure you did not receive
· You receive notice your bill has been sent to a debt collector
· Your insurer sends you a notice stating that you have reached your benefit limit
· Your insurance account lists a different address or unauthorized withdrawals· You are locked out of your online insurance or health care provider accounts
How to Prevent Data Breaches in Telemedicine
Telehealth providers are not expected to be IT specialists. However, the potential value of the information they maintain is covered by hackers, so they should consider ways to safeguard this data. A few ways to prevent data breaches in telemedicine include:
· Use only secured connections
· Use HIPAA compliant video conferencing connections
· Keep software and virus protection tools up to date
· Create an incident response plan
· Use encrypted messaging
· Train employees on safe cybersecurity practices
· Hire a cybersecurity firm
Telehealth Security Risks Must Be Addressed
Being aware of this potential problem and the ways to address it can help you keep your and your patients’ information safe. These risks are even more serious as telehealth becomes more common. You need to take all possible measures to guard against them.
Tagline: Telehealth services have created tons of new security risks, which must be addressed in 2020 and beyond.