Telehealth Surge Opens Doors for Cyberattacks: What to Know

May 1, 2020
The telehealth surge increases the potential for devastating cyberattacks

With many people around the world abiding by stay-at-home orders associated with the coronavirus pandemic, many must adjust to new ways of life. People go online to work, communicate with loved ones, shop for necessities and stay entertained during COVID-19 lockdowns. Many also turn to the internet for health care.

Thus, telehealth services are seeing demand spikes. Even before the coronavirus crisis struck, the idea of seeing a doctor from home appealed to many. Now, many people are exploring the opportunities of telemedicine because the risk of leaving the house for a nonurgent medical need is too great. 

The option is especially important for people with chronic conditions that may increase their risk of coronavirus complications. If those patients need prescription refills or want to chat with their physicians about new symptoms, a telemedicine service can make that happen. However, this telehealth boost increases the potential for devastating cyberattacks.

The emerging telehealth landscape could attract cybercriminals

The people who wreak havoc online often prioritize the attacks that cause the most damage and give them the biggest payoffs. The recent ramping up of telehealth services could make cybercriminals realize there's no better time to target the health care providers and patients using those services. 

For example, the United Kingdom's National Health Service (NHS) requested that the physicians at 7,000 offices in England switch to remote consultations as soon as possible. It made that decision, in part, to prevent people from coming to their appointments with the coronavirus and not showing symptoms yet. 

Banner Health launched its telemedicine platform on March 23 to respond to the COVID-19 crisis. More than 3,000 medical providers then used the platform for more than 10,800 remote visits in less than a month. 

Based on those statistics alone, it's easy to see why cybercriminals would set their sights on the telehealth sector. If that happens, though, people who already have limited access to health care due to the coronavirus could suffer even more. 

People may be less aware of online risks

Besides the increased interest in telehealth services, the coronavirus pandemic means people are doing things online that they previously only handled in person. That reality relates to cyberattacks because it means individuals — particularly those who are less tech-savvy — may be easier targets. Google recently announced it saw 18 million daily COVID-19 phishing attacks and malware threats via email in a single week, for example. 

A research team at Proofpoint also discovered evidence of COVID-19 scams directed at health care providers' strong desire to help during crises. What they found concerned a new kind of malware called RedLine Stealer that grabs information about a user's system and stored browser details — including passwords and credit card information. 

The investigators said the message asked readers to take action to help find a coronavirus cure. Medical workers were not the only group to get the email but were among the primary recipients. If a physician recently started using a telehealth service, they may feel overwhelmed by the newness of everything. Cyber risks are probably not top-of-mind concerns. 

Other industries successfully thwarted scams by giving people common sense tips to implement. For example, the Virginia Lottery advises players to stay safe from scans by signing their lottery tickets immediately after purchase and never posting ticket images on social media. 

If medical professionals and patients received simple strategies related to telemedicine, the number of successful scams should go down. Reminders that a telemedicine provider will never ask for a password, and that patients should never enter personal information after clicking on a link that redirects them elsewhere, could help people stay safe. 

Providers could unwittingly violate patient privacy

The U.S. Department of Health and Human Services (HHS) recently issued a statement that permitted health care providers to use popular communications tools to ease the public health crisis caused by COVID-19. It also acknowledged that some platforms used might not comply with patient privacy laws. HHS said the responsible body for issuing noncompliance fines would take the provider's "good faith" usage of telehealth platforms into account. 

The HHS also listed some widely available services — like Zoom, Facebook Messenger and Skype — that providers might use instead of purpose-built telemedicine services. Zoom, in particular, came under fire recently when hackers broke into chats and caused disruption. Some analysts warn that the HHS statement does not get providers off the hook for a patient data leak, meaning caution is of the utmost importance.

Concerning COVID-19 scams more generally, providers could proactively tell patients what kinds of communications to expect from them and when. The American Medical Association said cybercriminals embedded a link to a malware-riddled site in a map supposedly showing the spread of coronavirus cases. 

People could make themselves vulnerable to phishing attacks if they interact with dangerous messages that seem to come from health care providers. Thus, physicians using telehealth platforms can help protect privacy by telling patients they will always use someone's full name in emails, plus verbally alert a person via a video chat to expect any such messages. Doctors should advise patients to look for specific details and never give information if doubts remain. 

Cybercriminals frequently distribute generalized messages to increase their overall reach. A scam message might say, "Dear Patient, please submit this survey to give feedback about your recent telemedicine visit." An authentic message might instead read, "Dear [full patient name], please submit this survey to give feedback about your telemedicine visit on [date] with [physician's name]." 

People using telehealth services must build awareness

Cybercriminals' efforts flourish when too many people take the "it could never happen to me" mindset or do not recognize the potential dangers at all. Whether a person depends on telehealth services as a provider or a patient, they should take the time to learn about the risks and minimize their chances of becoming victims. 

Kayla Matthews is a MedTech journalist and writer. Her work has also been featured on Medical Economics, HIT Consultant, HealthIT Outcomes and Health IT Answers. To read more from Kayla, please visit her blog here.

Sponsored Recommendations

Trailblazing Technologies: Looking at the Top Technologies for the Emerging U.S. Healthcare System

Register for the first session of the Healthcare Innovation Spotlight Series today to learn more about 'Healthcare's New Promise: Generative AI', the latest technology that is...

Data: The Bedrock of Digital Engagement

Join us on March 21st to discover how data serves as the cornerstone of digital engagement in healthcare. Learn from Frederick Health's transformative journey and gain practical...

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...