Besting the Pandemic: Telehealth Best Practices During COVID-19

Telehealth vulnerabilities skyrocketed during COVID-19. Implementing these small best practices can have a big effect on security.

Telehealth primary care visits increased 350-fold during the COVID-19 pandemic, simultaneously expanding the attack surface for cyber criminals and causing a 30-percent increase in cybersecurity findings per telehealth domain, including:

  • 117-percent increase in IP reputation security alerts
  • 65-percent increase in patching cadence findings
  • 56-percent increase in endpoint security findings
  • 16-percent increase in application security findings
  • 42-percent increase in File Transfer Protocol issues
  • 27-percent increase in Remote Desktop Protocol issues

This data strongly indicates healthcare organizations should double down on cyber risk management; however, with limited resources, an influx of patients, and the pandemic itself, providers have put cybersecurity initiatives on hold. On the other hand, if nothing is done to improve cybersecurity, healthcare infrastructure and protected health information (PHI) will be at the mercy of hackers in 2021.

Telehealth Best Practices

Contrary to what many organizations believe, cybersecurity doesn’t have to be a herculean effort. Providers can implement the following best practices, at little cost and with minimal effort, to combat burgeoning cyber attacks.

1. Educate users

Human nature is the easiest “in” for hackers. A telehealth provider’s best defense is a user security awareness program that includes education, training, and simulated attacks.

2. Reduce communications

The more email employees receive, they less they pay attention to what they’re clicking on. The enterprise should plan thoughtful communications to reduce the chance of staff clicking on a malicious link in what they think is yet another HR email.

3. Use data encryption

To secure PHI, organizations should choose a telehealth platform that encrypts data in transit and at rest.

4. Adopt multi- or two-factor authentication

Requiring two pieces of identifying information (e.g., a password and a pin number) to log into a system can deter hackers looking for an easy score.

5. Apply timely updates

Patches and updates help protect systems from having known vulnerabilities exploited by malicious actors. Setting automatic updates is a simple way to ensure telehealth platforms are up to date.

6. Move to a healthcare-specific telehealth platform

At the start of the pandemic, the Office for Civil Rights and the Department of Health & Human Services released a statement allowing providers to use non-healthcare-specific platforms, such as Apple FaceTime, Facebook Messenger, Google Hangouts, Zoom, and Skype, for telehealth services. However, this was intended to temporarily expand telehealth services during an emergency and is not a permanent solution. To reduce privacy and security risks and remain in compliance, healthcare providers should use HIPAA-compliant platforms to deliver telehealth services.