• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • COVID-19
  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • Artificial Intelligence
    • Blockchain
    • Mobile Health
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Keeping Telehealth in Great (Security) Shape

by Mattias Fridström, Chief Evangelist at Arelion 11/22/2022 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
Mattias Fridström, Chief Evangelist at Arelion

COVID-19 turned telehealth into a household term, transforming the services that healthcare providers can offer patients. Thanks to advancements in connectivity, global experts in rare procedures and conditions can connect virtually to share knowledge with local medical practitioners and surgeons – and can conduct remote consultations in the comfort and privacy of patients’ homes worldwide. Telehealth is still viable and very important to connect patients to healthcare providers, even as the world returns to a semblance of normalcy. Many telehealth platform providers focus on endpoint security to protect their extremely sensitive data, with the industry increasingly integrating secure access service edge (SASE) products and VPN replacements. 

But all of this innovation and connectivity comes at a cost – and endpoint security alone doesn’t cover it. Healthcare and the wider business community have turned to the public Internet (the worldwide collection of router-based, interconnected networks) to provide the uninterrupted, high-quality, reliable services telehealth platform providers and practitioners need to serve their communities. In short, you’re likely using the public Internet if you’re connecting to a doctor through your home computer or iPad. However, increased use of the public Internet means that healthcare providers don’t control the underlying networks end-to-end, leaving them especially susceptible to large-packet attacks. To address this vulnerability, telehealth providers must partner with operators that have a reliable network with a global reach backed by strong security measures that keep their telehealth services operational. Endpoint security is important, but security at the network layer is also necessary to protect sensitive telehealth data and achieve comprehensive protection of a telehealth provider’s network. 

DDoS mitigation: keeping servers at peak performance

Distributed Denial-of-Service (DDoS) attacks remain one of the most common methods hackers use to attack a network. DDoS attacks flood servers with malicious traffic to disrupt network operations and bring service to its knees. Aside from stopping network operations, a DDoS attack can act as a cover for other malicious activities, such as patient data theft through an exploited backdoor or the implanting of malware that continues to wreak havoc even after the original attack has stopped. 

When looking to secure their telehealth services and data, providers should choose a global connectivity partner that offers automated, scalable DDoS protection. High-capacity DDoS protection drops malicious traffic through surgical scrubbing sites before it reaches a telehealth network and has the flexibility needed to secure against different attack vectors. These vectors include protocols (which are often slow to update and adhere to global standards), volumetric attacks that attempt to use up all of a network’s bandwidth, and application attacks that exploit weaknesses in specific applications. A precise DDoS mitigation service should provide 24/7/365, host-level protection backed by a high-performance, global network. This means that healthcare providers don’t have to worry about attacks even at non-peak hours, even as DDoS attacks increasingly persist no matter the time of day. 

According to a recent threat report, attack vectors evolved in 2021 from smaller, more frequent SYN-based attacks to large-packet, infrequent DNS and NTP amplification attacks. Peak traffic rose 45% in 2021, with attack traffic correlating with peak traffic levels and the average attack size totaling between 25Gbps-35Gbps. These attacks will remain highly profitable for cybercriminals due to the critical nature of telehealth data and services, highlighting the need for comprehensive security on the network itself.

RPKI: protecting the central nervous system of the Internet

A second attack vector that uses the public Internet as an attack path is traffic hijacking, with several of these attacks taking place on major cloud provider networks in recent months. Unprotected traffic can be announced to anyone on the Internet and is particularly vulnerable to hijacking, which detours network traffic to undesired locations. Considering the inherent sensitivity of telehealth data, including patient information and treatment documentation, this could be devastating to a telehealth provider and its patients. 

To prevent traffic hijacking and redirection, Resource Public Key Infrastructure (RPKI) is a secure identification system that better controls connections to the Internet by ensuring service providers can automatically validate and secure Border Gateway Protocol (BGP) announcements. This is vital as BGP is essentially the nervous system of the Internet. RPKI makes it harder for hackers to re-route sensitive telehealth traffic without the knowledge of the service provider or telehealth platform involved. In addition, RPKI helps prevent accidental leaks of routes by which telehealth data is transmitted. 

RPKI was developed by the Internet Engineering Task Force, an organization dedicated to creating better standards for Internet protocols. It’s voluntary to adopt RPKI or any of the standards the IETF creates, but the unique security needs of telehealth and the exposed nature of the public Internet mean that it is better to use a global service provider that has a track record as an early adopter of this security service as part of a comprehensive telehealth security strategy.

Choosing a global connectivity partner to achieve comprehensive telehealth security

Comprehensive telehealth platform security is best achieved through partnerships with a global operator that is constantly striving to improve the quality of its network and the security on that network. Like other enterprises, healthcare providers need different layers of security. But in the context of their network needs, all healthcare providers have one thing in common: their data is highly sensitive. 

Endpoint security is necessary – but it does not provide the comprehensive security that ensures healthcare providers’ traffic will only traverse their network. DDoS protection prevents sudden shutdowns – but it doesn’t prevent traffic hijacking. And while RPKI helps prevent hijacking, it doesn’t drop malicious traffic automatically before it reaches a healthcare provider’s Internet connection. To keep your telehealth platform or service robust, it’s important to choose a service provider that has a global footprint and comprehensive network security strategy that addresses the most common attack vectors in today’s evolving threat landscape. Although security on the network is just one piece of comprehensive telehealth platform protection, it has never been more crucial for protecting critical health data.


About Mattias Fridström

Mattias Fridström is the Chief Evangelist at Arelion, a leading light in global connectivity services. Mattias holds an MSc in Electrical Engineering from the University of Wollongong, Australia. Since joining Telia in 1996, he has worked in a number of senior roles within Telia Carrier (now Arelion) and most recently as CTO.

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: cloud, Cybercriminals, Malware, Telehealth Services, Vital

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Knowledge Hub

 How Top Health Plans Use AI to Save Money and Work Smarter How Top Health Plans Use AI to Save Money and Work Smarter

 How to Build Hybrid Care Models Around Remote Patient Monitoring How to Build Hybrid Care Models Around Remote Patient Monitoring

Trending

Clover Health Exits CMS ACO REACH Program to Focus on Medicare Advantage

Clover Health Exits CMS ACO REACH Program to Focus on Medicare Advantage

Cigna to Acquire Express Scripts for $67B: 5 Things to Know

Cigna and Humana Merger Talks Could Face Antitrust Scrutiny

RNSA23: Cleveland Clinic and Canon Partner to Pioneer Next-Gen Imaging Technologies

RSNA23: Cleveland Clinic and Canon to Establish Comprehensive Imaging Research Center

Automating Implant Orders: A Turning Point in Healthcare’s Digital Transformation

Automating Implant Orders: A Turning Point in Healthcare’s Digital Transformation

Consumers Believe Generative AI Can Revolutionize Healthcare

71% of Consumers Believe Generative AI Can Revolutionize Healthcare

NCQA Launches Virtual Care Accreditation Pilot

NCQA Launches Virtual Care Accreditation Pilot

Novant Health Acquires Three Tenet Hospitals in South Carolina for $2.4 Billion

M&A: Novant Health Acquires 3 Tenet Hospitals in South Carolina for $2.4B

UnitedHealthcare Launches Virtual Prescription Renewal Option

UnitedHealthcare Accused of Using Faulty AI Model to Deny Healthcare Claims to Elderly Patients

Meet The Circular Smart Ring Slim, The Slimmest and Lightest Smart Ring in the World

Meet The Circular Smart Ring Slim, The Slimmest and Lightest Smart Ring in the World

MIT Spun Out Layer Health Launches with $4M to Build the AI Layer for Healthcare

MIT Spun Out Layer Health Launches with $4M to Build the AI Layer for Healthcare

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • 2023 Editorial Calendar
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2023. HIT Consultant Media. All Rights Reserved. Privacy Policy |