Telehealth services have proven to be an essential, socially distanced lifeline between patients and providers during the COVID-19 pandemic, but it’s important to keep in mind that they are also a potential avenue for cyber attack. While private insurers and the U.S. government rapidly extend access to telecommunication-based medical services for millions of patients and doctors, they are also creating an expanded digital footprint for cybercriminals to target.
To help the healthcare community understand and secure this growing source of vulnerability, Booz Allen’s cyber threat intelligence analysts are keeping a close eye on the rapid U.S. telehealth expansion and the opportunities that it presents to cybercriminals.
Technology Meets Healthcare
While the concept of telehealth predates the COVID-19 period, the outbreak has radically accelerated its adoption. As more patients demand and utilize telehealth and telemedicine solutions, private insurers and public providers such as Medicare and Medicaid are quickly adapting in response. The speed of this adaptation has been a boon to patients and clinicians, but it has also created significant challenges. With process and technology investments locked in, and demand for telehealth unlikely to dissipate even after the pandemic subsides, it's likely that this telehealth expansion will remain active, and even keep growing, for some time.
This is a good thing. Done right, telehealth makes accessing a doctor almost as easy as checking your email—all you need is a laptop or a smartphone and an internet connection. It holds the potential to improve medical service delivery, lower the cost of healthcare, enable better home management of health conditions, eliminate the hassle of frequent office visits, and more. But these benefits will require health organizations to store and process far more data, and greatly expand their digital infrastructures. To keep their patients, data, and IT systems safe in this environment, they must keep security among their top priorities.
Rapid Telehealth Growth Could Lead to Vulnerabilities
While patients and doctors see enormous benefits in the rapid rise of telehealth, hidden security challenges could result in risks that outweigh the rewards. The challenge of keeping patient information safe and secure on various telehealth devices is unfortunately one that has yet to be adequately addressed. Softer regulations such as relaxed security and oversight protections are another concern. Government organizations are stating openly that they may not enforce rules designed to protect patient data or conduct audits for new patient billing. The government’s decision to raise the possibility of waiving certain regulations designed to protect patient data has made the operating field more opaque. These examples are just the tip of the iceberg, but they make it plain that striking a balance between making telehealth accessible for millions and protecting privacy and infrastructure from hackers is not going to be easy.
How Cybercriminals Could Exploit Telehealth Expansion
Hastily assembled telehealth systems could create a wealth of exploitable vulnerabilities for savvy cybercriminals. Relaxed regulatory enforcement could lead providers to leverage live video systems that do not meet HIPAA requirements. A compromised device might enable a hacker to:
- Commit medical billing fraud
- Illegally access live videos between patients and doctors
- Gain unauthorized entry into devices
- Hack cloud-based services where patient data is stored
Cybercriminals are likely already profiting from security vulnerabilities in our young and rapidly developing telehealth system. If health organizations and government regulators don’t make telehealth security a greater priority now, this exploitation will only grow, putting patients, doctors, and the nation’s healthcare infrastructure at risk.