Telehealth poses big cybersecurity dangers, Harvard researchers warn
A Harvard Medical School team published a letter in the Journal of the American Medical Informatics Association this week warning of the "substantial" information security concerns around telehealth.
The authors, led by organizational cybersecurity researcher Mohammad S. Jalali, note that the uptick in telemedicine services has undoubtedly made healthcare more accessible – but that the relaxation in regulations about virtual care combined with a heightened threat landscape can spell trouble.
"As we continue this shift to telemedicine, new issues and risks unravel that need to be addressed, particularly in regard to information security and privacy, and ongoing work is needed to ensure that our technology infrastructure provides an environment for safe and effective care delivery," they wrote.
WHY IT MATTERS
In their letter, the researchers note that the U.S. Department of Health and Human Services lifted several restrictions on the use of communication apps – such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts, Zoom and Skype – for telemedicine.
These relaxations have of course made it easier for many patients to access virtual care. But they've also raised concerns about inadequate data protections, particularly when intruders made headlines for entering video conferences, in incidents known as "Zoom bombing," earlier this spring.
The research team also pointed to recent warnings from government agencies about the possibility for cyberattacks against the healthcare sector. To protect against these kinds of threats requires a multi-pronged approach, wrote the researchers.
Awareness, of course, is vital: Employees should be trained to watch out for attempted cyber threats, particularly via phishing emails. Organizations should also follow best-practice security behaviors, including encrypting data, keeping software updated, running antivirus software, using two-factor authentication and following local cybersecurity regulations.
The team also recommends transitioning from consumer video conferencing tools to healthcare-specific products. "Enterprise-grade software versions may include key security features such as encryption, and may offer additional configuration settings that can be standardized for the entire organization, such as requiring a waiting room with every teleconference," wrote the researchers.
THE LARGER TREND
Cybersecurity experts have frequently warned against the potential dangers telemedicine may incur, with one noting that the rapid spin-up of telehealth could act like "blood in the water" for bad actors.
ON THE RECORD
"Executives need to be willing to invest fully in cybersecurity throughout the organization. Emerging fields, such as artificial intelligence, the Internet of things, and blockchain can also be employed as prevention and detection tools to combat cyber threats more effectively," wrote the researchers.
"To leverage these technologies, healthcare organizations need to partner with telemedicine and cybersecurity vendors to understand how to best implement and use their infrastructure and products," they continued.