Security pros must keep up with the telehealth explosion

A spine surgeon at Brigham and Women’s Hospital in Boston demonstrates a telehealth follow-up appointment with a recent surgery patient. (Photo by Jessica Rinaldi/The Boston Globe via Getty Images)

Telehealth, once considered a luxury that only around half of hospitals offered, has accelerated during the COVID-19 pandemic. It’s become an invaluable tool for a population living with social distancing, giving patients the opportunity to seek medical consultations using today’s digital technologies.

The recent growth in telehealth has been dramatic. Projections from Forrester Research predict that virtual healthcare interactions in the United States are on pace to exceed 1 billion by the end of 2020, as people look for diagnoses from home. For many, the increased use of telehealth has the potential to offer consultations more quickly and widen access to healthcare.

However, as early as March, demand for digital consultations had skyrocketed more than 10 percent – leaving the medical industry working hard to respond.

Security can’t get left behind in the rush to keep up with demand and deploy new systems, especially with sensitive and personal healthcare data on the line. The stakes are high: people need to believe that they can run these telehealth sessions securely – that their personal health data won’t get lost or stolen.   

A proactive approach to protection offers the best foundation for cybersecurity across the telehealth industry. It depends on a range of processes, beginning with risk assessments to identify which applications present the weakest links. These assessments are vital because in many cases, hackers can easily gain domain-level access privileges across many of today’s widely-used applications. Here are the top five steps healthcare practices should consider:

1. Weave security throughout the development process.

Security must get woven into the application development process right from the outset. Automated application testing platforms or tools can play a vital role in helping to identify and fix vulnerabilities at any point in the development lifecycle. What’s more, security pros can leverage automation to assess third-party apps and ensure security gets built into an entire application suite to minimize the risk of serious security breaches.

2. Implement real-time application security assessments.

Ongoing, real-time application security assessments let users stay ahead of the latest threats and threat actors who try to access, steal, change or delete PII or patient health records. And since many applications are developed to schedule, message and store patient information, it’s essential to address compliance requirements, reduce risk and produce safer apps that are secure from potential attacks. It’s just much more cost and time effective when applications are built with security in mind.

3. Make vulnerability scanning assessments simple for developers.

When breaches occur, healthcare organizations often lack the resources and time to carry out effective remediation and mitigation. By making vulnerability scanning and assessments easy for developers, it can drastically reduce the time and resources required for manual and time-intensive review and verification of vulnerabilities. Important security personnel are then free to focus on higher level issues, such as risk governance and compliance.

4. Educate users to help keep them secure.

Telehealth providers must play a leading role in educating patients to stay secure. Regular communication can help avoid the most common pitfalls, such as phishing emails, viruses and ransomware. This requires a long-term commitment and ongoing education that creates trust between telehealth providers and their patients.

5. Optimize the customer experience to promote better security.

As more people turn to telehealth applications, developers will need to optimize their user interfaces to help people use applications correctly and maximize security. It’s likely that users will fit into different age groups, and some may not have as much familiarity with online services. It’s vital that telehealth providers make the user experience a priority in application development. In an increasingly crowded market, users will find a well-designed and intuitive user interface helpful and it may also become an important way for providers to maximize their competitive advantage.

From email scams, human error and devices infected with malware, healthcare facilities face a wide variety of cybersecurity risks. The industry sits at a pivotal moment, as many organizations scramble to keep up with this digital demand. While the country takes cautious steps towards normalcy, telehealth will offer a vital service to millions of people – and security must keep pace.

Bryan Becker, product manager, WhiteHat Security

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.