New Cyber Target: Telemedicine Services

New Cyber Target: Telemedicine Services

Cybersecurity photo illus. by Pixabay

This post is also available in: heעברית (Hebrew)

Telemedicine has never been more relevant. The use of telehealth technologies, including video conferencing, direct monitoring and treatment systems that report back to care teams (wearable heart monitors and insulin pumps, etc.) in dealing with the coronavirus can help lessen the demands on on-site healthcare resources while keeping sick or quarantined patients at a safe distance.  

However, cybercriminals saw it as an opportunity to exploit cloud-based tools and services that contain patients’ data and health records. The value of the data being transmitted between networks is what encourages hackers to target telemedicine practices. If this data is accessed by the wrong person, it may not only impact general performance but could also put patient care at risk.

The problem is that healthcare organizations using remote communications do not have full control or visibility into the network they are connecting to. Patients that use messaging apps or video conferencing to get medical care are likely to use a personal device designed for performance rather than security, and that is connected to an unsecured home or even public WiFi network.

A bill providing US federal funding to fight the COVID-19 pandemic was recently passed by Congress and signed into law by President Trump. Immediate limited waivers of certain HIPAA (Health Insurance Portability and Accountability Act) privacy provisions were announced to help improve patient care during the growing pandemic. For example, it’s now OK for providers to offer telehealth services through video chats.

Privacy attorney David Holtzman, from CynergisTek security consultancy, said: “Tucked into that bill were provisions known as the ‘Telehealth Services During Certain Emergency Periods Act of 2020,’ which permits the secretary of the Department of Health and Human Services to waive certain requirements in order to allow for some telehealth services – including treatment services provided through the use of smartphones, standard telephones, fax machines and e-mail – to be reimbursed by Medicare,” Holtzman was cited by bankinfosecurity.com.

Fortinet Healthcare cybersecurity company offers several telemedicine security tactics, according to backendnews.net:

  • An endpoint solution that provides integrated visibility, control, and proactive defense while providing secure remote access with a built-in VPN. This should be coupled with an endpoint management system to enable scalable and centralized management of multiple endpoints.
  • Identity and access management (IAM) products that are designed to confirm users’ identities and devices as they enter a network via certificate management, multifactor authentication, and single sign-on services.
  • Wireless management solutions that feature pre-configured access points for secure connectivity between a remote location and an organization’s networks. Combining healthcare wireless access point with a next-generation firewall should also be considered.  
  • A telephony solution that features integrated security controls designed to protect phone conversations between patients and doctors as well as business data. 
  • A network authentication solution that enables remote workers to access their organization’s networks at scale. 
  • A next-generation firewall solution that consolidates various security capabilities, while reducing complexity and meeting performance needs.