A recent study done by DarkOwl and SecurityScoreCard found there was a significant risk to provider and patient data due to the increased usage of telehealth. It seems as the number of telehealth users increases, so does the number of cyberattacks on telehealth.

Telehealth Adoption in the Face of COVID-19

Since COVID-19 hit more and more patients have turned to telehealth vendors for their healthcare needs. Statistics show that over 43 percent of primary healthcare visits in April were done using telehealth. Compared with less than one percent in February, that shows a significant increase in patients choosing telehealth. While the adoption rates differ across the U.S., more urbanites were likely to choose telehealth for their healthcare needs over rural patients.

In-person visits to medical facilities declined about 60-70 percent during the weeks following the COVID-19 pandemic. Yet, telehealth usage increased from nine percent to 51 percent. That was about 1.28 million telehealth care visits per week, according to the study. The increase of telehealth users was 350-fold to that of pre-pandemic levels.

Why Cyberattacks on Telehealth are Increasing

As the number of patients using telehealth options increases, so does the accumulation of private, and valuable, data in the hands of telehealth vendors.

Some of the most common findings in the DarkWeb survey include:

• 117 percent increase in IP reputation security alerts
• 65 percent increase in patching cadence findings
• 56 percent in endpoint security findings
• 16 percent increase in application security findings
• 42 percent in FTP issues
• 27 percent in RDP issues

In addition, the survey found that chatter about telehealth on the dark web has gone up since February. There has also been evidence that cybercriminals are specifically targeting telehealth organizations. This includes malware toolkits that have been developed to attack telehealth tech as well as types of ransomware designed for cyberattacks on telehealth and healthcare IT infrastructure.

Those behind the study advise telehealth and healthcare organizations to remain vigilant to cyberattacks.

“While telehealth is an integral part of maintaining social distancing and providing patient care, it has also increased healthcare providers’ digital footprint and attack surface, which we see with the increase of findings per telehealth domain, and in factors like endpoint security,” said Sam Kassoumeh, COO and co-founder of SecurityScorecard. “It’s an indicator that healthcare organizations should continue to keep a focus on cyber resilience.”

Mark Turnage, CEO of DarkOwl added that an increase in telehealth usage would attract new risks and a higher potential of cyberattacks on telehealth.

“Since the onset of the pandemic, cybercriminals are entering the healthcare data selling space which ultimately leads to new risks facing healthcare organizations and their IT supply stream. Threat protection teams must remain one step ahead of potential attackers, especially during this critical time,” he said.

How to Prepare Your Healthcare Organization

Telehealth is a key component in providing patients with a range of services to meet their needs and help them manage their health. Yet, cyberattacks on telehealth is a real threat. Healthcare organizations need to take steps to protect patient and provider data. Here are some ways that you can prepare your healthcare organization and protect against possible cyberattacks on telehealth.

• Secure the network. Ensure that firewalls and intrusion detection systems are installed to secure the network. To provide additional network security, use secure logins for patients and providers. This should include multi-level authentication and security questions to protect sensitive data.
• Data encryption. Telehealth vendors collect a vast amount of data from patients and providers. Protecting that information is vital. One of the best ways to do that is to use encryption for the data. This will ensure that even if a cyberattack occurs, criminals will not be able to make sense of the information.
• Another way to keep data protected is to use authentication to control access. Authentication methods are designed to prevent hackers from gaining access to data. Requiring passwords or PINs to be used by patients and providers can help protect information. Telehealth vendors that are equipped can also set up biometric methods of authenticating users before they can gain access to information. This adds an extra layer of protection around data because biometric identifiers, such as a fingerprint, are impossible to duplicate.
• Using Virtual Private Networks for connections is a key way to protect your telehealth data. VPNs are a secure way for others to remotely connect to your network. Data will be encrypted before it is shared, which is an essential element to keeping information safe.
• Update often. Software developers regularly release updates and it is important that telehealth vendors run the most current software available. These updates usually contain security patches to help protect your system and your data from cyberattacks.

Wrapping It Up

As the number of patients and healthcare providers using telehealth services increases, so too does the risk of a cyberattack on telehealth. Research has discovered that there has been an increase in chatter on the dark web with regards to telehealth. As telehealth continues to gain wider acceptance among patients and providers, it is important to protect information that is collected by telehealth vendors.

By using encryption, authentication, VPNs, and updating software regularly, telehealth vendors will be able to ensure valuable data stays out of the wrong hands in the case of a cyberattack on telehealth.