July 22, 2020

As most of us in the healthcare IT sphere know, telehealth adoption has exploded thanks to COVID-19. In fact, according to a recent survey from our client Kyruus, 75% of patients had their first virtual visit in 2020 and Frost & Sullivan forecasts a sevenfold growth in telehealth usage by 2025.

 

At the start of the pandemic, Office for Civil Rights (OCR) at the Department for Health and Human Services (HHS) eased some HIPAA security rules to aid with the rapid shift to virtual care, particularly specifically allowing health systems to use non-complaint remote communication technology such as Zoom, Skype or FaceTime without facing penalties. While the move sped up the adoption of telemedicine, it didn’t eliminate the security and privacy risks associated with them.

 

Virtual care technology introduces a new attack vector that malicious actors can take advantage of to compromise patient health information (PHI). We’ve already seen security incidents arise that should put the privacy of these tools top of mind, including the troubling trend of “Zoom bombing” and the June data breach of the U.K. telehealth app from Babylon Health.

 

Having worked with healthcare focused cybersecurity clients, we’ve picked up a few tips patients and healthcare organizations can follow to mitigate the security and privacy risks associated with virtual care platforms. Here are four things you can do today to improve your security posture as it relates to telehealth:

 

  1. Setup two-factor authentication. If the virtual care platform allows it, you should setup two-factor authentication to prevent unauthorized access to your accounts. If possible, use an app like Google Authenticator for even further protection.
  2. Pick a strong, unique password. We hear this advice every time we’re prompted to setup a password for a new account, yet many still don’t follow it. It’s easy to reuse passwords or use phrases that you’ll remember, but that puts you at greater risk. Make passwords unique and aim to make them at least 8 character long, include numbers, letters and symbols, and avoid common phrases and information like birthdates. Write the password down on paper or use a password manager to help you remember each one.
  3. Install security updates as soon as possible. If you’re one of the people who hits “remind me tomorrow” any time a software update comes through, you might want to think again. Frequently, these updates include important security patches that can help protect you and your data.  
  4. Double check links and email addresses to avoid phishing attempts. Phishing, the practice of sending emails that appear to be from reputable companies to gain personal information, continues to be an extremely successful attack vector and Zoom has already been the focus of many phishing attempts. Hover over links before clicking on them to ensure they’re going to a legitimate domain and double check the actual email address, not just the name, of the sender to verify it’s legitimate. When in doubt, always go to the direct source rather than clicking any links in an email.

 

Looking for a new PR agency that truly understands this market to elevate your healthcare security and privacy expertise? Email me at djohns@ariamarketing.com to learn more about our PR services and our experience working with healthcare cybersecurity companies and related businesses.

Blog post written by:
Danielle Johns
Author: Danielle Johns
Account Director