As hospitals and health systems continue the shift to telemedicine, new issues and risks with cybersecurity have arisen that will require ongoing work to preserve privacy and safe care delivery, Harvard Medical School researchers say.
In a Dec. 16 article for the Journal of Informatics in Health and Medicine, Mohammad Jalali, PhD, IT professor at Harvard Medical School; Adam Landman, MD, CIO at Brigham and Women's Hospital; and William Gordon, MD, professor at Brigham and Women's Hospital, highlighted security risks of video conferencing apps and the increase in ransomware attacks on healthcare organizations.
While the federal lifting of restrictions on communication apps such as Zoom and Skype during the pandemic has increased access to telemedicine and helped boost virtual care adoption, it has posed new security risks for healthcare organizations.
"For example, Zoom, currently one of the most popular video-conferencing platforms, has had a tenfold increase in usage over just a few months, including increased use in healthcare, leading to several important privacy considerations, such as intruders joining video conferences or inadequate encryption of communications, leading to the possibility of eavesdropping," the researchers wrote.
Here are five ways they suggest to increase cybersecurity practices for telemedicine:
1. Make awareness the first step. Promote education, employee training and practice simulated cyberattacks, such as sending fake phishing emails to build a culture of security across the organization.
2. Ensure best cybersecurity behaviors are followed, including encrypting data, keeping software updated, running antivirus software, using two-factor authentication and following local cybersecurity regulations.
3. Transition from consumer video-conferencing tools such as FaceTime or Skype to an enterprise healthcare-specific video-conferencing platform. This type of enterprise-grade software may include key security features such as encryption and settings that require a waiting room with every teleconference.
4. Healthcare organizations should partner with telemedicine and cybersecurity vendors to implement tools such as artificial intelligence and blockchain to better prevent and detect cyber threats.
5. While prevention and detection capabilities are critical, organizations should also prepare with incident response plans in the event they do get hit by a cyberattack so they are well prepared and minimize negative consequences.