As healthcare providers struggle to overcome delays due to the COVID-19 pandemic and serve an aging population, the popularity of telemedicine will continue to grow.
Let's not forget that during the COVID-19 pandemic, telemedicine services were one of the areas that proved how successful solutions technology can provide, say experts from the global digital security company's team ESET.
Just as cloud-based services have helped workers stay productive during quarantine, so telemedicine sessions ensured that doctors continued to offer essential healthcare and advice remotely. In fact, the telemedicine sessions represented a quarter of all medical contacts in the US during the first four months of the pandemic, when the previous year the rate was... just 1%!
But are telemedicine services safe to use? Is patient data adequately protected? Could this data be sold to third parties or stolen by hackers and even sold on the dark web?
"Now that this process has been smoothed out and we are also getting more and more used to it our hybrid life, additional security and privacy concerns emerge,” ESET says. "As telemedicine becomes more widespread, perhaps you should be more concerned about these potential risks," says the company's team, explaining what telemedicine is, what the privacy risks are, and what we can do to let's protect them.
What is telemedicine?
Telemedicine, teletherapy, or telehealth refers to any service that allows a healthcare professional to provide care to their patients remotely. For most people this means chatting online via video or over the phone. A huge variety of new apps have sprung up to serve this rapidly growing market.
In addition, the text messages, email and file sharing services they can be used to convey important patient information and prescriptions. Telemedicine also extends to remote monitoring of patients through connected devices such as blood sugar meters, blood pressure monitors, and activity trackers.
What are the main security and privacy risks of telemedicine?
Where there is sensitive data to steal or buy, cybercriminals and fraudsters lurk. Patient data is especially valuable in dark corners of the Internet, as they include personal and financial information that can be used in identity and insurance fraud or for the illegal acquisition of drug prescriptions.
They may also include personal medical information, which could even be used as leverage in blackmail attempts.
There are multiple potential risks, from the apps themselves and their developers to the devices of patients and doctors. According to ESET these are some to consider:
- Data collection: According to the British non-profit organization Privacy International: "The challenge of telemedicine applications is also the driving purpose behind their existence: to collect health data from individuals." He adds that some telemedicine apps "collect and store far more data" than traditional healthcare providers. This carries the risk of being sold to third parties (although this is strictly regulated in Europe with the General Data Protection Regulation – Better quality of care) or be stolen/leaked if the application provider is cyber-attacked. In 2020, one data leak at Babylon Health led to sending videos of private sessions to other patients.
- Software Vulnerabilities: Telemedicine software can contain security flaws that can be exploited by hackers to steal patient information and commit fraud.
- App Credential Theft: If users use weak or easily recognizable passwords there is a risk that hackers can hijack their account and collect sensitive medical and financial information. Password reuse is also a significant threat: if you use the same password on your telemedicine app and on other websites and apps, then if compromised, those same credentials could be used by hackers to unlock the telemedicine app in use.
- Malicious (fake) telemedicine applications: Another classic hacker technique for compromising user data is placing legitimate apps laced with malware on app markets and waiting for unsuspecting users to download them. They could use this malware to collect personal and financial data from the phone.
- Risks of connected devices: Just as telemedicine applications collect vast amounts of data, so too can connected devices such as health monitors. Some of these indicate, for example, the user's location and activities, and may be stored by both the healthcare provider and the device or app manufacturer – multiplying the risk of leaks, breaches and resale to suspicious third parties. Many of us may not read the fine print in privacy policies that allow the latter, although the GDPR should protect EU consumers from excessive data sharing. HIPAA regulation in the US ensures that only medically necessary data is collected and regulates who can access it. But not all businesses follow the rules.
- Patient computers and smartphones: We should also be aware that the computers or devices we use to access the telemedicine services may be at risk of spying or hacking. If a hacker manages to gain remote access to your computer or other device, they will have access to your login codes and telemedicine information. The same applies to the devices of healthcare professionals.
- Chat Platform Privacy Risks: Commercial video conferencing platforms such as Skype and Zoom are also often used for telemedicine. In fact, regulations were relaxed during the pandemic to allow this. However, their use could increase the risk of patient data being sold to third parties.
What can you do;
A few steps can help alleviate many of the concerns listed above. Consider the following:
- Protect your computer/device with security software from a reliable supplier.
- Always use strong and unique codes access
- Add an extra layer of password security by enabling it multi-factor authentication, where available
- Always keep them applications telemedicine and chat updated
- Ask your telemedicine application provider how personal and health information is processed and secured;
- Make sure that any commercial applications chat used for telemedicine is end-to-end encrypted
- Never don't connect to a public Wi-Fi hotspot or shared computer/device
- Don't make an appointment telemedicine or do not share information with a provider telemedicine applications that you do not know or with contact information that you do not recognize
Making sure our data is safe and our privacy is ensured is a vital first step in making the most of a technology that is increasingly important to our health and well-being.