A report released in early September from SecurityScorecard and DarkOwl found that telemedicine an telehealth systems are increasingly the targets of cybersecurity attacks. The recent events related to COVID-19 that caused millions of clinics to shut down and rapidly adopt telemedicine and telehealth solutions may even add to the risks. If your clinic has adopted or increased its telemedicine and telehealth offerings, here’s what you need to know to protect your practice and your patient’s data.
Risks Increase as Clinics Adopt and Expand Technology
Physicians are used to the idea of triage—determining the most important concerns or things that are most life-threatening for a patient and treating those things first. As the novel coronavirus COVID-19 hit, millions of clinicians applied the same type approach to their practice: finding a way to continue providing care to the patients most in need even when in-person or face-to-face visits weren’t an option because of local shutdown orders or risks to the patient.
For most, that meant rapidly expanding or adopting telemedicine for the first time. It didn’t always mean carefully vetting those technologies and software systems for security risks.
It made sense to address the most immediate concern (clinic shutdowns and continuity of care). But now it’s time to focus on other aspects of telehealth and telemedicine that might be putting your practice and patients at risk. Cybersecurity attacks targeting clinics through telemedicine software and telehealth systems are on the rise. Clinics that rapidly adopted or implemented new technology are more likely to have security vulnerabilities than those who took a more measure approach. If that sounds like you, here are some important steps to take.
Understand Where You are Most Vulnerable
Before you can conduct an appropriate risk threat analysis, it’s critical to understand all the ways your data could be at risk for hackers. This includes:
- Network security during data transmission
- Database security for information stored at your clinic or on your devices
- Internet connection and broadband security
- WiFi hotspots
- Remote access points and VPNs
As more providers and employees are working from home during COVID-19, you need to examine any additional security risks that might pose, including from non-secure home wireless networks or mobile devices.
Learn How You Might Be Targeted
Hackers are becoming more sophisticated, and many of the methods they use are targeted at your biggest weakness: the people who work in your clinic. Even the most well-meaning employees can inadvertently open up a security threat with a careless click or a non-secure device. Hackers often access your data through:
- Phishing attacks – realistic and convincing emails that include a link or an attachment, and often an urgent message about resetting a password or taking some other immediate action. Once the hacker has the password, they can access your system, install malware or ransomware, or simply steal data without your knowledge.
- Unsecured wireless networks – COVID-19 sent millions of workers into their homes or other remote locations, where wireless security might not be a high priority. A single unsecured network or easy-to-crack WiFi password could give hackers access to your system.
In part two of this blog post we’ll cover some of the ways you can protect yourself from the growing threat of cybersecurity during COVID-19. In the meantime, find out more about our secure telemedicine and telehealth software solutions at AdvancedMD.