Top Solutions to Common Cybersecurity Threats in Telemedicine

Troy Hawes, Managing Director, Cybersecurity Consulting Services

A version of this article was updated on April 19, 2024.

Many health care organizations turned to telemedicine, telecare, telehealth, and other video-teleconferencing (VTC) platforms to serve their patients during the COVID-19 pandemic. These platforms provided remote services while protecting patients and health care workers and ensuring social distancing.

Since then, these telemedicine services have become more reliable and popular due to the advances in information and broadband technologies, allowing medical and other health and care professionals to offer remote, interactive services to consumers, patients, and caregivers. However, it also opened a door to many new cybersecurity threats.

Telehealth options may have changed how health care providers can offer care, but remaining privy to cybersecurity threats in a landscape that continues to change is crucial.

Below is an overview of cybersecurity threats associated with telehealth and how to manage them.

Background on Rising Cybersecurity Threats

Due to the increased use of VTC platforms that began during the pandemic, cybercriminals have shifted to innovative attack methods that focus on VTC and telemedicine platforms. Cybercriminals are attracted to new technologies as vendors sometimes don’t properly patch or secure the systems to get them to market, making for easier targets.

Telehealth systems use internet connections to host meetings and send sensitive information, such as personally identifiable patient information, protected health information, and payment information, all of which make them prime targets for attackers who can sell this information or use it for identity theft. 

The use of these tools also increases the attack surface of the health care provider to the following:

  • Patient home network and device
  • Third-party vendors hosting platforms
  • Provider networks and systems

There are a number of risks with using and relying on the platforms, such as:

  • Increased exposure to ransomware attacks
  • Denial of service attacks
  • System failures
  • Identity and access management complexities
  • Increased compliance scope
  • Interoperability issues with legacy IT infrastructure
  • Unpatched software in patient and provider environments
  • Increased third-party vendor risk

Cybersecurity Solutions to Match the Threats

With the increased use of VTC, it’s important to have a business associate agreement (BAA) in place with your vendors and sound cybersecurity practices in place to help mitigate the risks accompanied using these platforms.

Combat Cybersecurity Threats in Online Meetings

The following list of actions can help organizations to maintain security and privacy:

  • Set meetings to private—not public
  • Require a meeting password or use the waiting room feature to control admittance
  • Require multifactor authentication when accessing the system
  • Manage screen-sharing options
  • Ensure users have the most up-to-date version of their VTC application
  • Use end-to-end encryption during communications—often not included in free versions of software
  • Provide meeting links directly, not on social media
Apply Better VTC Practices

Below are some VTC practices that could assist in improving cybersecurity.

  • Notify patients of privacy risks associated with the application or platform
  • Ensure the platform has enabled end-to-end encryption capabilities and privacy modes, so only the intended parties can participate in communication
  • Use HIPAA-compliant vendors
  • Don’t use services that don’t have a BAA
Train Employees to Tackle Cybersecurity Threats

Ensure employees have been trained and cybersecurity awareness training is updated to include instructions on how to use the telemedicine and telehealth software in addition to precautions concerning:

  • Emails and files received from unknown senders
  • Opening unknown attachments or clicking on links within emails
  • Lookalike domains and spelling errors in emails and websites
  • Sharing teleconference links on unrestricted, publicly available, social media posts
Other Cybersecurity Practices for Health Care Providers

There are many threats and risks with using telemedicine and telehealth products that can be mitigated with sound cyber hygiene and best practices.

  • Ensure that third-party risk management practices will remain in place
  • Establish user and event auditing and monitoring solutions that provide real-time alerts
  • Employ strong encryption for data at rest and when transmitted
  • Require multifactor authentication for any administrative tasks and all employees when connecting remotely
  • Conduct frequent third-party assessments to test and evaluate systems for vulnerabilities
  • Back up data to an offsite location in an immutable state
  • Limit access to sensitive data
  • Patch all devices and systems regularly

We’re Here to Help

If you have any questions or concerns about telehealth cybersecurity risks, please reach out to your Moss Adams professional.

Additional Resources

Ask a Question

Assurance, tax, and consulting offered through Moss Adams LLP. ISO/IEC 27001 services offered through Cadence Assurance LLC, a Moss Adams company. Wealth management offered through Moss Adams Wealth Advisors LLC. Services from India provided by Moss Adams (India) LLP.

Related Topics

How to Identify Top Cybersecurity Threats and Protect Your Organization
14 Steps to Develop a Tailored Solution to Combat Cybersecurity Threats
Cybersecurity Checklist for Remote Work
Best Practices for Telehealth Appointments During COVID-19

Contact Us with Questions

Enter security code:
 Security code