News & AnalysisNewsletter

Telehealth Poses Big Cybersecurity Threats, Say Harvard Researchers


The Covid-19 pandemic has lead to a meteoric rise in teleheathcare services, but a Harvard Medical School team raises the “substantial” information security concerns around telehealth.

Harvard Medical School team authors, led by organizational cybersecurity researcher Mohammad S. Jalali, recently published a letter in the Journal of the American Medical Informatics Association. Jalali, in the letter, noted that telemedicine services has indisputably made healthcare more accessible, but the relaxation in regulations regarding the virtual care along with a heightened threat landscape can cause trouble.

The security perils of telemedicine

“As we continue this shift to telemedicine, new issues and risks unravel that need to be addressed, particularly in regard to information security and privacy, and ongoing work is needed to ensure that our technology infrastructure provides an environment for safe and effective care delivery,” the researchers mentioned.

They also pointed out that the U.S. Department of Health and Human Services has relaxed several restrictions on the use of communication apps such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts, Zoom and Skype – for telemedicine.

Certainly, these relaxations have made it easier for many patients to access virtual care. However, the researchers have raised concerns regarding inadequate data protections. They’ve pointed out the recent incident about “Zoom bombing,” last year.

Moreover, government agencies have also issued warnings regarding the possibility for cyberattacks against the healthcare sector. The Harvard Medical School researchers cited that these attacks can be averted with multi-pronged approach.

While awareness regarding the threat is viral, Employees in the organization should be trained to be vigilant on possible cyber threats particularly via phishing emails. Best-practice security behaviors should be encouraged by the organisation. Practises like encrypting data, keeping software updated, running antivirus software, using two-factor authentication and following local cybersecurity regulations should be encouraged to follow.

Jalali and his co-researchers also advised usage of healthcare-specific products instead of consumer video conferencing tools in their letter. “Enterprise-grade software versions may include key security features such as encryption, and may offer additional configuration settings that can be standardized for the entire organization, such as requiring a waiting room with every teleconference,” the team wrote.

Apart from the research teams, Cybersecurity experts have also warned about the potential dangers telemedicine may incur. The publication in its’ previous reports have stated that the meteoric rise of the telehealth could act like “blood in the water” for bad actors.

Enhancing cybersecurity infrastructure

As we enter 2021, the threat of privacy and security is unlikely to abate. Experts believe that telehealth will continue to present security challenges. Therefore, healthcare organizations need to enhance their cybersecurity infrastructure by developing stronger prevention and detection protocols, both administrative and technological.

Emerging fields, such as artificial intelligence, the internet of things, and blockchain can also be employed as prevention and detection tools to combat cyber threats more effectively. To leverage these technologies, healthcare organizations need to partner with telemedicine and cybersecurity vendors to understand how to best implement and use their infrastructure and products.

Besides, healthcare organizations should be prepared with well-defined response plans. Unfortunately, response plans are often ignored or they are not considered as prevention and detection strategies. Response plans that are tested and practiced are required to minimize the negative consequences of an incident and ensure the provision of safe, secure, and reliable health care operations, the researchers highlight.

Ultimately, while healthcare systems should allocate significant resources towards improving telemedicine capabilities, it is up to healthcare delivery organizations to ensure that these new capabilities are safe, secure, and protect patient privacy.

“Balancing the significant privacy and information security concerns with the enormous potential benefits of virtual care during this pandemic will remain a vital component to our continuously evolving response to COVID-19,” concluded Jalali and his co-authors.

Leave a Response