• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Is Telehealth Healthcare’s Biggest Cyber Threat?

by Mike Wilkes, Chief Information Security Officer, SecurityScorecard 06/08/2022 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
Is Telehealth Healthcare’s Biggest Cyber Threat?
Mike Wilkes, Chief Information Security Officer, SecurityScorecard

It’s time to get used to seeing your doctor from a digital screen, as virtual care is projected to expand well into the future. And while telehealth technology has proven to be highly beneficial in supporting the shift to virtual healthcare, it has also introduced a host of new vulnerabilities and opportunities for security breaches. Cybercriminals have always preyed on the healthcare industry, but with this virtual transition, the substantial increase in connectivity and network exposure has expanded the bullseye target for threat actors around the world. 

It is crucial that providers take control of their cybersecurity posture and secure their telehealth solutions from cyberattacks and risks.

The Rise of Telehealth

Telehealth has existed in some form ever since the ability to communicate over long distances around the turn of the 20th century but didn’t become well established until the 1960s and 70s as a way to provide rural populations healthcare access. It comes as no surprise to most, however, to hear that the practice really took off during the COVID-19 pandemic when, due to lockdowns, health concerns, and healthcare mandates, demand for remote healthcare services increased sharply.

According to a July 2020 ASPE report, telehealth accounted for less than 1% of primary care visits in February prior to the pandemic — but by April 2020, they constituted nearly half. In all, the pandemic led to a 350-fold increase in telehealth visits from pre-pandemic levels. While the initial surge has dropped from its peak, telehealth visits demonstrated their value to patients and medical staff alike and are destined to remain much more common than they were prior to 2020.

Where the Threats are Coming From

Since telehealth relies on meeting and sending information electronically using computer networks and the public internet, information exchanged during these sessions (as well as the connected networks themselves) are more exposed to cyber threats. And while it may seem like an obvious idea to work to further secure healthcare networks, many of the vulnerabilities stem from the patient’s network devices.

Many telehealth patients connect to services through poorly secured devices and home networks, leading to endpoint vulnerabilities if the proper authentications and measures are not implemented. This larger attack surface opens the door for increased threats and attacks from all the usual suspects, such as phishing, malware, zero-day exploits, and DDoS attacks.

The sudden and rapid increase of telehealth services also acts as a beacon to bad actors, who are attracted to new technologies and roll-outs due to the potential for more blind spots or misconfigured security settings that they can take advantage of.

It’s not just the potential for vulnerabilities that make telehealth an attractive target for attacks. But it’s also the information that can be stolen from such attacks is considered particularly valuable. Hacking healthcare networks provide potential access to both personally identifiable information (PII), protected health information (PHI), and access to patient payment details, which can all be used for identity theft.

How Big is the Threat?

Since the broad implementation of telehealth at the start of the pandemic, providers have seen the following:

– 117% increase in website/IP security alerts due to malware.

– 65% increase in security patching of known vulnerabilities.

– 56% increase in endpoint vulnerabilities that enable data theft.

– 42% increase in issues related to FTP– the network protocol that facilitates the transfer of information between client and server.

– 27% increase in issues related to RDP– the protocol that enables remote connections.

– 16% increase in web-based application security findings.

The report found that, while the overall healthcare sector saw a slight improvement in its security posture from September 2019 to April 2020, this improvement was offset by the surge in risk and vulnerabilities resulting from the telehealth explosion. 

Many healthcare organizations had to turn to telehealth quickly, which meant less time to properly vet vendors and enact appropriate security measures. Overall data suggest that cybercriminals opted to focus less on healthcare organization networks and began targeting telehealth vendors instead, due to the new opportunity it presented. This is further supported by the notable increase in mentions of telehealth companies in dark web records and sites.

Defending Telehealth and Patient Portals

It’s not too late to tie up loose ends and secure the telehealth industry, but it’s going to take work. Reducing threats and minimizing risk requires implementing robust, modern security solutions designed to shore up endpoints and authenticate identity. The following tools and techniques work toward those ends:

– Multi-Factor Authentication: By requiring two or more factors to verify identity at login, you make it that much harder for cybercriminals to gain access with stolen information or credentials. 

– Login Monitoring: Monitoring devices and logins can alert the security team if a login is attempted from an unrecognized device or if a device or account is associated with suspicious behavior. Tracking login behavioral patterns also make it possible to distinguish between a bot and human activity.

– Credential Screening: Instead of relying on a static list of compromised credentials, you should check credentials against a dynamic database to ensure immediate detection of unauthorized credential use.

– CAPTCHA Implementation: Deploying a CAPTCHA service helps reduce threats associated with riskier or repeated login attempts.

– Failed Login Limits: Setting a limit for the number of failed login attempts for a single account helps prevent brute force attacks and other attempts at compromising login credentials.

If telehealth and new healthcare technologies continue to have poor network security, we can expect that cybercriminals will continue to pay attention to this space, potentially putting patients’ lives at risk. It is crucial that providers take control of their cybersecurity posture and secure their telehealth solutions and service providers from cyberattacks and risks to best protect the security and identities of their patients in the future.


About Mike Wilkes 

Mike Wilkes is the Chief Information Security Officer (CISO) at SecurityScorecard. Wilkes is responsible for developing enterprise-wide security programs to protect corporate systems as well as growing and extending the SecurityScorecard platform to customers, executives, and boards of directors. Before joining SecurityScorecard, he was the VP, Information Security at ASCAP and the Director of Information Security, Enterprise Architecture, and DevOps teams for Marvel Entertainment.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: behavior, Cybercriminals, Cybersecurity, Malware, Notable, patient payment, PHI, Phishing, Primary Care, risk, Security Breaches, Telehealth Services, Telehealth Visits, Virtual Care, Virtual Healthcare

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Paradigm Shift in Diabetes Care with Studio Clinics: Q&A with Reach7 Founder Chun Yong

Most-Read

Medtronic to Separate Diabetes Business into New Standalone Company

Medtronic to Separate Diabetes Business into New Standalone Company

White House, IBM Partner to Fight COVID-19 Using Supercomputers

HHS Sets Pricing Targets for Trump’s EO on Most-Favored-Nation Drug Pricing

23andMe to Mine Genetic Data for Drug Discovery

Regeneron to Acquire Key 23andMe Assets for $256M, Pledges Continuity of Consumer Genome Services

CureIS Healthcare Sues Epic: Alleges Anti-Competitive Practices & Trade Secret Theft

The Evolving Role of Physician Advisors: Bridging the Gap Between Clinicians and Administrators

The Evolving Physician Advisor: From UM to Value-Based Care & AI

UnitedHealth Group Names Stephen Hemsley CEO as Andrew Witty Steps Down

UnitedHealth CEO Andrew Witty Steps Down, Stephen Hemsley Returns as CEO

Omada Health Files for IPO

Omada Health Files for IPO

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |