Telehealth and Cyber Security
In our latest blog we explore telehealth: how the events of the last 12 months have accelerated the adoption of this relatively new technology, and the potential cyber security issues it poses.
Telehealth has been making waves in America for some time, and the United Kingdom and other nations have been slowly adapting.
Telehealth is described as “the delivery of health care services, where patients and providers are separated by distance. Telehealth uses ICT (information communication technology) for the exchange of information for the diagnosis and treatment of diseases and injuries”.
The Covid-19 pandemic accelerated the use of artificial intelligence-based interventions to monitor patients when access to care was restricted. Artificial intelligence helps healthcare professionals care for patients at a distance, which removes the spread of infection from cross-contamination. As well as removing the strain on healthcare service providers, being able to monitor patients remotely to offer care and maintain their health is fundamental to society for so many reasons, and it does not take a genius to understand why. As well as helping healthcare providers care for the communities they serve, it can also be a brilliant tool in helping reduce business costs.
Just look at the likes of Dental Monitoring and Health Hero’s, which boomed throughout the pandemic because they helped treat patients remotely, still making money and providing care to their patients without the need for a practice visit.
During the first quarter of 2020, the number of telehealth visits increased by 50% compared with the same period in 2019, with a 154% increase in visits noted, compared with the same period in 2019. From January to March 2020, most encounters were from patients seeking care for conditions other than Covid-19 (Centers for Disease Control and Prevention, 2020).
As the data shows, healthcare providers were quick to adopt this way of working through 2020, and who can blame them? This digital boom was predicted to hit in 5 to 10 years’ time, but Covid-19 accelerated this advancement within a matter of months.
Artificial intelligence is a digital transformation that we should be embracing and applauding. Sadly, however, inadequate safeguards are in place to protect patients’ data. As we know, telehealth interventions use the connectivity of the internet to send information from patient to healthcare provider, and this data runs the risk of interception. Patients are also using their own home networks and their own devices, which are often unsecured, to facilitate this movement of data. In addition, some healthcare providers are using unsecured networks, which is music to the ears of cyber criminals. Biometric data under the EU GDPR (General Data Protection Regulation) is considered a “special category of personal data” that requires both a special legal basis for processing and an accompanying data protection impact assessment.
Research from SecurityScorecard and DarkOwl showed a surge in attacks on telehealth vendors (representing a 30% increase in cybersecurity findings per domain during Covid-19).
Check Point Software Technologies further highlighted that through Covid-19, cyber-attacks went from 5,000 a week to 200,000. A staggering and alarming rise that we can’t ignore.
So what is the answer?
Prevention, prevention, prevention. People think their current firewall is all they need. Wrong. Even with a firewall, your network is still at risk. Why? Malware attacks are the most common occurrence, and these come into your network through emails. These emails contain one or a combination of viruses, trojan horses, worms, spyware/adware, phishing, and pharming. Your current firewall won’t protect you from these breaches.
Controlling the devices that your patients use to send the information you receive is an impossible task, but that does not mean you can’t employ best practice to encourage healthy behaviours when sending and receiving sensitive data. It is your responsibility to educate teams and patients about what these cyber threats look like. Investing in this education is important and is a small price to pay in comparison to the cost of an attack.
In addition to education, which should be ongoing just like CPD for cross infection and CPR, you need to protect your practice infrastructure so that attacks are stopped at the perimeter before it’s too late. This can be achieved by using technologies that provide multi-layered security, detecting and preventing attacks at the perimeter and defending your data from evasive and persistent attacks.
So, in summary, you need to talk to your I.T. provider to explore how you can work safely. Assuming you are safe without performing some form of penetration testing (or pen testing, as it’s sometimes called), which performs an in-depth investigation of the infrastructure or connected devices, is careless and only puts your patients and company assets at risk.
To keep updated on similar insight from Claritas, follow us across our four social media channels: