Cyber risks explode with move to telehealth services

The mass adoption of telehealth applications and services in the months since the COVID-19 outbreak began has introduced new cyber-risks within the healthcare industry.

New research by SecurityScorecard and Dark Owl found that the rapid onboarding of technologies for enabling the delivery of health services online has significantly broadened the attack surface at many healthcare organizations, putting both patient and provider data at risk.

SecurityScorecard and DarkOwl analyzed data related to the use of telehealth products from 148 vendors by healthcare providers around the country.

Prior to the pandemic, the use of such products hovered at less than 1% of the overall visits to healthcare providers by people seeking access to primary healthcare services. The public health emergency prompted by the pandemic resulted in primary care visits dropping precipitously after mid-March, while the use of telehealth apps soared 350%, SecurityScorecard said, referring to a report from the US Department of Health and Human Services.

The speed at which the transition to online health-services delivery happened left little time for healthcare providers to properly vet telehealth products for security issues or to ensure their safe use, says Alex Heid, chief R&D officer at SecurityScorecard.

“We examined the 148 most popular telehealth apps from a number of angles, and there are concerns across the board, from the development, deployment, and configuration of the applications themselves, as well as the digital supply chain that supports them,” Heid says.

To read the complete article, visit Dark Reading.