Telehealth and Cybersecurity: Is Your Crisis Solution Putting You at Risk? - GlobalMed

Name two dominant influences on 21st-century healthcare and it’s a safe bet that telemedicine and cybersecurity would make the list. In the last 20 years, telemedicine has radically cut healthcare costs and brought life-saving care into rural and underserved areas; during the same period, cybercrime has boomed, with attackers repeatedly targeting healthcare organizations’ rich stores of valuable data. The black market price tag of stolen protected health information (PHI) can go for $60 a record, compared to roughly $1 for a credit card or social security number.

Some providers have ignored both trends, dismissing the benefits of telemedicine while underestimating the need for a strong cybersecurity program. But the Covid-19 pandemic has forced nearly everyone in healthcare to reckon with both, thanks to two dynamics:

• The rapid adoption of telehealth solutions. In the face of a highly infectious virus, telemedicine has stepped in like a hero, enabling remote connections to help limit contamination. More than 41 million telehealth claims were filed between April and July 2020, a 4,000% year-over-year increase over the same time period in 2019.
• A sharp increase in cybercrime. Attackers moved fast to exploit the chaos and confusion of the pandemic. COVID-19 email scams skyrocketed 667% just in March; more than half a million Zoom accounts have been sold on the Dark Web. These criminals know that in the panic and fever of last spring, many providers jumped on video-only solutions such as Zoom and others, skipping a thorough risk assessment, thanks to a relaxed security and reimbursement landscape. Now nervous security experts are calling these vulnerable new environments “blood in the water” to cybercriminals. 

Right now, some of you may be thinking, “We’re safe; our video-only solution wasn’t HIPAA compliant at first but it definitely is now.” And it’s true that some solutions, like Zoom, took that crucial step of meeting HIPAA requirements, which is great. But cybercrime sharks are still hunting in healthcare waters – and video-only platforms are unfortunately still ripe for attack, as a recent study shows.

Healthcare’s Insecurity Complex

A disturbing report from SecurityScorecard and DarkOwl names telehealth as the current biggest threat to healthcare cybersecurity. After reviewing 30,000 health organizations and the top 148 telehealth vendors, the study found increased risk across application and endpoint security, IP reputation, patching cadence, and network security.

“The COVID-19 pandemic presented a multitude of juicy opportunities for bad actors,” the report noted, “ranging from phishing attempts fueled by fear of the crisis to patchy work-from-home security practices.” These opportunities led to “an enormous increase in targeted attacks,” in part because of the speedy video solution adoption – and lack of security evaluations – so common in the early pandemic.

The repercussions of a breach extend beyond the cost of data theft and HIPAA fines for non-compliance. Ransomware attacks have shut down entire hospitals, forcing them to reroute patients to other facilities for care. Even just one incident in a private practice can frighten patients into terminating their provider relationship or avoiding virtual care in the future.

The answer? Sticking to telemedicine solutions with proven security and long-term stability. As the report authors put it, “In order for the healthcare industry to protect patient and provider data, vetting and enforcing security protocols around new technology providers remains paramount.”

That’s a reality GlobalMed has long understood, and it’s why we are the most secure telemedicine solution in the industry.

Tested and Trusted: GlobalMed Security

When it comes to telemedicine security, GlobalMed operates a world-class infosec program. Our people-first approach focuses not only on risk but resilience, with a robust and sustainable culture of security. Our programs include risk management, continuity of operations, incident response, vulnerability and patch management, and resiliency by design – with ongoing role-based security awareness education to keep our expertise sharp.

To ensure our customers are protected from even the latest threats, our security stack is tightly aligned to NIST and includes controls from FedRAMP, HIPAA, ISO, SOC 2, and other industry standards. We are currently working to achieve the highest levels of security attestations and we are committed to providing the safest and most reliable solutions on the market. When it comes to our security architecture, GlobalMed solutions protect you with:

• Strong encryption in transit and at rest
• Multi-factor authentication (MFA)
• Vulnerability scanning
• SIEM and analytics
• Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) – North and South focus
• Endpoint security, Endpoint Detection and Response (EDR), Managed Detection and Remediation (MDR), File Integrity Monitoring (FIM)
• Mobile Device Management (MDM)
• Privileged Identity Management (PIM) and Privileged Access Management (PAM) – East and West focus
• Data Loss Prevention (DLP)
• Identity and Access Management (IDAM) governance tools
• Web Application Firewalls (WAF)
• Third-party penetration testing

Locking Down Protection and Power

Earlier this year, we predicted that the COVID-19 pandemic would spark more innovation and telemedicine adoption in healthcare. That prediction came true, so here’s another one. As 2021 approaches, we still don’t know exactly how the rest of this pandemic will play out, though the latest vaccine news has been promising. But we do know that attackers will keep trying to infiltrate healthcare organizations – and we know for a fact that virtual care is here to stay. Adopting a secure telemedicine solution is the only path to protecting both patients and the healthcare organizations that care for them.