Accelerated Telehealth Use During COVID-19 Raises Security Risk

September 16, 2020 - SecurityScorecard and DarkOwl LLC recently released a report, which found that the rapid increase in telehealth use during the COVID-19 pandemic has led to an increased data footprint, leaving both provider and patient data at risk. 

The report, “Listening to Patient Data Security; Healthcare Industry and Telehealth Cybersecurity Risks Report,” indicated that telehealth providers have seen a significant increase in targeted attacks as popularity in the services increased.

Researchers looked at the 148 most-used telehealth vendors and found that there was a 30 percent increase in cybersecurity findings per domain. 

There was also a 117 percent increase in IP reputation security alerts, a 65 percent increase in patching cadence findings, and a 56 percent increase in endpoint security findings, among others.

HHS released a brief that touched on the number of telehealth primary care visits during the pandemic, which increased 350-fold from pre-pandemic levels.

"While telehealth is an integral part of maintaining social distancing and providing patient care, it has also increased healthcare providers' digital footprint and attack surface, which we see with the increase of findings per telehealth domain, and in factors like endpoint security," Sam Kassoumeh, COO and co-founder of SecurityScorecard, said in the press release. 

"It's an indicator that healthcare organizations should continue to keep a focus on cyber resilience."

DarkOwl’s individual research showed an increase in mentions of major healthcare and telehealth companies across the dark web since February of this year.

There was also evidence of threat actors selling electronic patient healthcare data, researchers said, including malware toolkits that targeted telehealth technologies and ransomware that are wired to destroy healthcare IT infrastructure.

"Since the onset of the pandemic, cybercriminals are entering the healthcare data selling space which ultimately leads to new risks facing healthcare organizations and their IT supply stream. Threat protection teams must remain one step ahead of potential attackers, especially during this critical time,” said Mark Turnage, CEO of DarkOwl. 

During the pandemic, there has been an increase in telehealth, mobile tech, and remote care in temporary hospitals, which has expanded the threat landscape and put important healthcare data at risk.

Cybercriminals have already worked to take advantage of the new landscape, and have targeted virtual private networks (VPNs), cloud service platforms, and remote workers.

Experts believe that healthcare organizations must be monitoring their systems to ensure they’re protected from these rising threats.

“Remote medical facilities have expanded their attack surface beyond the traditional network perimeter, creating the perfect storm for hackers to exploit vulnerabilities,” said Jake Olcott, BitSight vice president of communications and government affairs.

“Given the recent rise in cyber threats against hospitals, this is a major problem: The larger the attack surface, the easier it is for a threat to become reality. A critical patient’s loss of life should not be due to the weak security of the building they’re in.”

In the past, care providers had more visibility and control over what users were allowed to do on the network, as it was contained to the organization’s perimeter, noted Brian Foster, senior vice president of MobileIron.

He explained that the pandemic has forced entities to address these issues faster than initially planned. It is likely that there is a lack of necessary security provisions required to protect provider and patient data. 

Experts mentioned some ways that organizations can combat some of these potential risks, including improving visibility, educating employees, and employing strong password policies to harden enterprise defenses.

“To get visibility and control into the new picture, accessing data through the cloud, the question becomes where do you insert that control,” Foster said. “Certainly, with telehealth, device security becomes very important for those healthcare organizations, with internal tools to handle those exploits.”