Recently, Mark Warner, the current chairman of the Senate Intelligence Committee, released a report highlighting the cybersecurity risks faced by healthcare organizations in the digital age, and what those organizations can do to strengthen and fortify their defenses against the threat of cyberattacks.
This three-section report called the healthcare sector “uniquely vulnerable” to cyber security threats, and delves into:
- The recommendations that the federal government should consider to strengthen its cybersecurity leadership and improve HIPAA regulations.
- Recommendations of cybersecurity hygiene best practices that should be considered by private healthcare organizations.
- Systemic policies that could help the overall healthcare sector better respond to cyberattacks.
This report was recently publicized by outlets like The Hill and Kaiser Health News, but if you’re a patient who has interacted with the American healthcare system over the past two years, it probably isn’t news to you how increasingly popular digital telemedicine resources have gotten.
According to the American Hospital Association, the rate of telehealth resource usage has stabilized at over 38 times higher than where it was prior to the COVID-19 pandemic. That is extraordinarily good news for healthcare accessibility across the country, but could it also mean that healthcare providers and their patients are now put at extraordinarily greater risk of cyberattack?
Let’s assess the risks faced by both patients and providers in the current telehealth landscape, and what both parties can do to mitigate those threats.
Telehealth Cybersecurity Risk Assessment
Ostensibly, there are three categories of cybersecurity threats that endanger the integrity of healthcare organizations:
Ransomware is a form of malware that blocks or limits access to important data and computer systems until the victimized party pays the attacker a large sum of money. Major healthcare providers are frequent targets of such attacks, oftentimes more than other industries, because of the sensitive patient data they regularly interact with.
Unfortunately, as telehealth usage has exponentially grown over a relatively fast time frame thanks to the pandemic, so too has the continual threat posed by ransomware attacks. According to a recent independent survey conducted by the IT security firm Sophos, which polled 5,600 respondents across 31 countries, the rate of these types of cyberattacks has effectively doubled over the past two years alone. Yikes!
Hospitals face the gravest dangers from ransomware, arguably more than other medical institutions, as these attacks can target medical devices and equipment that are vital to properly caring for patients and potentially saving lives. That said, the greatest cyber threats posed to patients and providers are oftentimes the ones that hide their true threatening nature until it’s too late.
Cyber attacks which rely on phishing scams, social engineering, and Trojan malware to find inroads into attack vectors do precisely this. Unfortunately, the preponderance of these incidents is only increasing with the increased complexity and usage of digital healthcare solutions. A comprehensive survey conducted by the Healthcare Information and Management Systems Society (HIMSS, not to be confused with Hims) found that 45% of healthcare providers suffered from phishing attacks.
Furthermore, an analysis conducted by the software vendor SonicWall ascertained that cyberattacks on healthcare IoT (Internet of Things) infrastructure increased roughly 123 percent - in the last year alone! But if those aforementioned cybersecurity stats aren’t enough to convince you of the growing problems facing growing telehealth solutions, let's run through a few more.
Telehealth Cybersecurity Breach Statistics
Per Statista’s most up-to-date figures:
- The average cost of even a single healthcare data breach can run up to $10.1 million USD
- Phishing is statistically the most pervasive method of healthcare data breach
- The largest healthcare data breach in U.S. history compromised a staggering $78.8 million records
- Healthcare ranks among the top 10 most likely industry sectors to be targeted by malware and cyberattacks
- Just over 1/4th of surveyed older adults in the United States (27 percent) reported having privacy concerns prior to their first telehealth appointment
Now that we’ve examined the gravity of the problem, let’s examine a few potential security solutions that could stand to benefit patients and providers.
Healthcare Cybersecurity Best Practices
Here are some recommendations for health providers to strengthen their cyber security protections:
- Educating and empowering staff on the best cyber hygiene strategies
- Segmenting medical technology to prevent malware spread across systems
- Enhancing encryption, data backups, and testing emergency prevention plans
- Improving your organization’s overall antivirus software and intrusion detection
- Unifying your organization around the shared goal of good cybersecurity and hygiene
Obviously, healthcare data breaches aren’t only bad news for providers, but the patients who trust those providers to keep their medical data safe and secure. The good news here is that patients can implement a number of different cybersecurity practices to keep their data safe and secure, inside and outside the doctor’s office, such as:
- Keeping all of their hardware and software up to date
- Using antivirus and anti-malware software systems
- Implementing encryption and virtual private networks
- Not overusing the same passwords, or simple passwords
- Protecting accounts with 2FA (two-factor authentication)
- Not clicking on suspicious links or opening suspect emails
As a telehealth patient, you deserve affordable care you can trust to deliver and respect your fundamental rights to privacy. That’s why we only recommend reliably secure, encrypted direct-to-patient platforms like Sesame Care.
Safe, Secure, Sesame
Read our full review to find out more about Sesame’s all-in-one online doctor, pharmacy, and therapy platform, and sign up with the Sesame Care promo code “SESAME15” to receive 15% off most services.