While many healthcare providers must stay open during the COVID-19 outbreak – including hospitals and urgent care centers – others now have the choice to see patients remotely thanks to telehealth services. Not only does telehealth ensure that patients are not being exposed to the virus by leaving home, telehealth is also more convenient and offers a range of clinical and non-clinical options, as well as training and education. Today we take a look at what telehealth is, why it’s important in the current environment, and cybersecurity considerations when implementing a telehealth strategy.
What is Telehealth?
According to the Health Resources Services Administration,
“Telehealth is the use of electronic information and telecommunications technologies to support long-distance clinical health care, patient and professional health-related education, public health and health administration. Technologies include videoconferencing, the internet, store-and-forward imaging, streaming media, and terrestrial and wireless communications.”
There is often confusion between telemedicine and telehealth. Telemedicine typically focuses on remote clinical diagnosis and monitoring that is delivered by electronic communications and software. It is often used for follow-up visits, management of chronic conditions, medication management, and specialist consultations.
Telehealth differs from telemedicine in that it can encompass remote non-clinical services, such as provider training, administrative meetings, and continuing medical education, in addition to clinical services.
Examples of telehealth fields of healthcare can include:
- Physical and occupational therapy
- Home health
- Chronic disease monitoring and management
- Disaster management
- Consumer and professional education
COVID-19 is Driving a Surge in Telehealth
Teladoc Health, which provides virtual evaluation and treatment of symptoms, reported on March 13th that patient visits had doubled over the prior week, now averaging 30,000 visits a day. A recent STAT article found that at the University of Pennsylvania in Philadelphia, requests for virtual visits are coming in faster than clinicians can handle them. The hospital system has increased the number of practitioners delivering remote consults from six to 60, but it is being forced to schedule telehealth visits several days out to spread the workload.
Whether current infrastructure can keep up with this new, unprecedented demand is unknown. Right now, it seems technology can handle the load but the human factor is the question.
“You can get the technology to support these astounding volumes,” said Roy Schoenberg, the CEO of the Boston-based telemedicine company Amwell. “But you’re very quickly getting to a point where the supply of medical services isn’t there. We need to have enough clinicians to allow us to handle that incoming volume.”
The Cybersecurity Implications of Telehealth
Unfortunately, hackers are watching every new development in healthcare, including the switch to more online services, and adjusting their strategies. In fact, since the coronavirus outbreak, cyberattacks on healthcare seem to have increased. The Brno University Hospital in the Czech Republic was hit by a major cyberattack on March 12th and 13th, causing an immediate computer shutdown in the midst of the coronavirus outbreak. The hospital has one of the largest COVID-19 testing facilities in the Czech Republic. On the 15th, the Department of Health and Human Services (HHS), one of the agencies on the front lines of the outbreak, had been breached by hackers.
However, might there be a truce with hackers during the pandemic? Lawrence Abrams, the creator of BleepingComputer, reached out to the cybercrime groups behind several ransomware threats to ask them “will you continue to target health and medical organizations during the COVID-19 pandemic?” According to Forbes,
“At the time of writing, two had replied and their answers might surprise many readers. The first to respond were the operators of the DoppelPaymer ransomware threat, who told Abrams that they ‘always try to avoid hospitals, nursing homes.’ When attacking local government targets, they ‘do not touch 911,’ although sometimes emergency communications are hit due to network misconfigurations…. The operators of the Maze ransomware threat also said they would stop attacking medical organizations until ‘the stabilization of the situation with the virus.’”
Securing Telehealth Channels
Cybercriminals may or may not continue to target healthcare organizations during the pandemic. However, one thing is for sure and that is that telehealth is here to say.
Thus, companies need to consider how to secure their systems, networks and channels. Healthcare providers use a variety of applications, software programs, and devices when performing a telehealth consultation. The devices that are being used might not always belong to the provider, making it difficult to know how secure they are. It is also unknown if the information that the patient sends back is being encrypted. Patients might be using an unsecure Wi-Fi network when they call their provider, which makes it easier for a fraudster to gain access to any of their personal information.
Telehealth organizations can implement a number of initiatives to go from reactive to proactive in the fight to secure patient data. Efforts include recurring exercises designed to test their own system’s vulnerability and ensuring they know how their data is transmitted, processed and stored, and whether regular updates are being made. Also considering the “human” factor:
“The first and last line of defense is, of course, the practitioner, as the party best placed to realize that something is wrong and raise the alarm at the slightest doubt. “It is essential to educate medical and telemedicine professionals about the new risks and symptoms of a cyberattack,” Robert Wakim, Offers Manager at Stormshield points out.
Bluefin Helps Secure Telehealth Channels
Telehealth is becoming an integral part of non-clinical healthcare practices as more patients continue to need services but cannot leave home. But remote healthcare comes with challenges in securing sensitive data – particularly as cybercriminals take advantage of the fear around COVID-19 – underscoring the continued need for encryption and tokenization.
Bluefin specializes in payment and data security solutions for the healthcare industry, including PCI-validated Point-to-Point Encryption (P2PE), which safeguards cardholder data entered at the point of sale or over the phone, and tokenization of Personally Identifiable Information (PII), Personal Health Information (PHI), and payment data entered online with our ShieldConex® platform.
Working with thousands of healthcare providers, including major hospitals, urgent care networks, dentists, chiropractors and more – we are here to help you secure your patient and payment data during this uncertain time. Contact us for more information.