Telehealth poses “substantial” cybersecurity risks, warn Harvard researchers

• Telehealth services have really matured during this pandemic – but its increased use is also drawing increased cybersecurity vulnerabilities

Telehealth services really came into their own in 2020, with technological and connectivity advancements meaning that when a health crisis arose early this year, online medical consultation platforms were able to lend a (gloved) helping hand when many hospitals and emergency services were overwhelmed.

The mix of remote medical services that telehealth has the potential to offer without necessitating risky contact between medical personnel and patients, no doubt is one of the reasons that the digital health market is projected to hit US$505.4 billion by 2025, a monumental increase from the US$86.4 billion in 2018, as the healthcare industry looks to cutting-edge solutions that can ultimately enhance treatment methods and effectiveness.

Even in a post-pandemic context, the proofs that telehealth is undergoing right now is helping improve quality of care and service, and would be helpful in proffering treatment to patients in remote areas that were inaccessible to traditional healthcare.

Telehealth would also make a world of difference in future bouts with highly infectious diseases, and the applications will only stand to improve based on the experiences of combating COVID-19. But there will also be risks, especially concerning the storage and usage of highly sensitive medical data, which could pose a significant problem if not dealt with.

This was the warning from a team from Harvard Medical School that published a letter in the Journal of the American Medical Informatics Association last week, warning of the “substantial” information security concerns around telehealth.

The authors, led by organizational cybersecurity researcher Mohammad S. Jalali, acknowledged the singular driving effect the pandemic has had on the emerging telemedicine industry. “As we continue this shift to telemedicine, new issues and risks unravel that need to be addressed, particularly in regard to information security and privacy, and ongoing work is needed to ensure that our technology infrastructure provides an environment for safe and effective care delivery,” warns the paper.

The writers also note the changing attitude of the US Department of Health and Human Services towards digital health alternatives, lifting restrictions on popular chat apps like Apple FaceTime, Facebook Messenger video chat, Google Hangouts, Zoom, and Skype for telehealth purposes.

Relaxing such measures on popular platforms makes it easier for patients to access telemedicine, but it also highlights the inadequate data protections of many platforms for securely dispensing medical advice and transmitting confidential information.

The ‘Zoom bombing’ incidents from earlier this year, where bad actors could randomly enter different Zoom video calls before the security encryption was updated and Zoom introduced its own telehealth features, is a good example of the software not being health-ready at the time.

“While healthcare organizations and ambulatory practices may initially need to use consumer video conferencing tools, they should transition to an enterprise (healthcare-specific) video conferencing product,” the letter points out. “Enterprise-grade software versions may include key security features such as encryption and may offer additional configuration settings that can be standardized for the entire organization, such as requiring a waiting room with every teleconference.”

The rapid deployment and transition towards adopting virtual health services is immensely attractive to hackers looking to take advantage of the disarray of starting a large-scale digital solution. “Executives need to be willing to invest fully in cybersecurity throughout the organization. Emerging fields, such as artificial intelligence, the Internet of things, and blockchain can also be employed as prevention and detection tools to combat cyber threats more effectively,” wrote the Harvard team.

The researchers concluded that “balancing the significant privacy and information security concerns with the enormous potential benefits of virtual care during this pandemic will remain a vital component to our continuously evolving response to COVID-19” and beyond.

---

---

---

---