A boom in telehealth has brought about disappointing consequences – increased exposure to hackers and ransomware attacks.
The increased availability of telehealth applications is no doubt a huge benefit for patients, increasing access to care in a multitude of areas as well as other underserved areas of the country. Telehealth services were indispensable throughout the pandemic for providing care while minimizing infection risks to others. With all the obvious benefits that patients and clinicians are seeing from telehealth, experts in cybersecurity and risk see another troubling trend – an opening for hackers.
Prevalence of Cybercrimes in Healthcare
Data breaches now cost the healthcare industry around 4$ billion each year, with one of the biggest threats being telehealth. A May 2022 article from Risk and Insurance magazine titled “Since When Did Health Care Become More About Convenience Than Security?” highlights the elevated risks involved, such as increased exposure to for hackers to access patient/doctor communications.
The data security risks for hospitals and other healthcare organizations are already high. A whitepaper cited in the Risk and Insurance article was conducted by Sophos, a cybersecurity provider, and concluded that 34% of healthcare organizations were hit by ransomware in 2021. Other findings from the white paper included:
- 65% of those healthcare organizations that were hit in 2021 said that the cybercriminals succeeded in encrypting their data.
- 44% of those whose data was encrypted used backups to restore data.
- 34% of those whose data was encrypted paid the ransom to get their data back.
A staggering 43.1 million healthcare records were breached in 2021, according to the Department of Health and Human Services HIPAA Breach Reporting Tool website. 713 total breaches were reported, with 526 of them being categorized as hacking incidents.
Opening A Door for Hackers
Interoperability is critical to make for an effective and smooth experience for patients and providers, however it also is another entry point for hackers to access private medical information. Ransomware may be used to hold medical data hostage until the provider agrees to pay to have it released. Common methods that hackers attack include standard phishing attacks through email which then installs malware on provider computers or other devices. With more providers and staff working remotely and using mobile devices, there are many more vulnerable access points and opportunities for entry through unsecure networks.
Preventing Attacks
Healthcare Broker, Risk Placement Services recommend some steps that hospitals can take to protect themselves from cybercriminals:
- Have strong firewalls in place and frequently update antivirus software.
- Save three copies of all critical data in at least two different formats and storing one copy offline, out of reach of malicious code. This is upon the advisement of the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI.
- Use segmentation, which involves dividing networks into smaller sections. This limits ransomware to one segment rather than shutting the whole network down.
- Train employees to be aware of the importance of maintaining security.
FormDr is proud to offer HIPAA-compliant and encrypted methods for transmitting forms and patient information. When it comes to designing your telehealth processes to minimize risk, we are ready to assist. Gain all the benefits of secure, customized online forms, easier workflow, and spend less time tracking down patient information – without the added worry of a transmitting unsecure ePHI.
