Topic: COVID-19 Telehealth Risks and Best Practice Privacy, Security

Highlighting the risks posed by lifted restrictions on communication apps amid the COVID-19 pandemic, new research published in the Journal of the American Medical Informatics Association urged healthcare organizations to take steps to bolster telehealth privacy and cybersecurity measures.

In March, the Department of Health and Human Services announced it would lift penalties around a range of telehealth uses to help support the response to the national crisis, including an expanded list of platforms permitted for use that would fall outside of those deemed compliant by the HIPAA rule under normal circumstances.

Simultaneously, federal agencies and security researchers increased the rate of reports, alerts, threat insights, and guidance to support providers as they rapidly increased the scope of these platforms, in addition to the rapid adoption of remote work and temporary care sites.

In fact, phishing campaigns tied to COVID-19 and nation-state hacking efforts targeting the healthcare sector have dominated the threat landscape, even up to this week.

To privacy and security leaders Mohammad Jalali, PhD, William Gordon, MD, and Adam Landman, MD from Harvard Medical School and Brigham and Women’s Hospital, a host of new cybersecurity risks were introduced by new telemedicine app implementations, which have been amplified by onslaught of ransomware attacks.

“Despite the numerous barriers to telemedicine, such as educating staff, cost, reimbursement, access to broadband, and patient digital literacy, telemedicine has flourished during the pandemic, forcing implementations that may have taken years without such a catalyst,” researchers wrote.

“As we continue this shift to telemedicine, new issues and risks unravel that need to be addressed, particularly in regard to information security and privacy, and ongoing work is needed to ensure that our technology infrastructure provides an environment for safe and effective care delivery,” they added.

Zoom, in particular, has rapidly expanded the threat landscape, given a host of security issues that include a lack of adequate encryption of communications and the ability of unauthorized users to interrupt video calls in an effort previously dubbed ‘zoombombing’.

The researchers also spotlighted the recent death of a patient in Germany, brought on by an ambulance diversion amid a ransomware-induced EHR outage. Cyberattacks also notoriously spur delays in patient care, economic loss, and negative impacts on business operations.

The most recent EHR downtimes in the US were brought on by ransomware attacks at Universal Health Services, Sky Lakes Medical Center, the University of Vermont Health Network, St. Lawrence Health System, and Sonoma Valley Hospital, which is still recovering its EHR and network more than two months after a ransomware attack.

Topic Discussed: COVID-19 Telehealth Risks and Best Practice Privacy, Security

Read Original Article