The healthcare industry is increasingly relying upon internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing amount of third parties entering the health supply
chain has created many benefits, but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit.
Providers have been eager to adapt to this care delivery method, but many platforms do not meet HIPAA requirements and lack adequate data safeguards. The same connectivity that makes telehealth possible also creates threats to patients. Protecting patient health information (PHI) and providing remote services doesn’t fit together easily. Any data transferred over the internet runs the risk of interception by threat actors, and healthcare has long been a preferred target for cybercriminals. In 2019, healthcare data breaches cost the industry over $4 billion.
As the COVID-19 pandemic spreads across the country, doctors, dentists, therapists and other medical professionals are turning more frequently to online visits with their patients. This makes sense: Health professionals, too, need to practice social distancing today.
The boost in virtual doctor visits, though, brings new worries of privacy. How secure is the information shared during these online visits with healthcare providers? Can cybercriminals steal your personal health or financial information? Fortunately, there are steps you can take to help protect your privacy while using video conferences to discuss medical issues with your doctors and other healthcare providers.
What are the privacy risks related to telemedicine?
As virtual doctor visits become more common, hackers could try to exploit these opportunities to steal the private medical and billing information of patients. Maybe you are sending information online to your doctor about a serious health problem such as high blood pressure, diabetes, or cancer. Or maybe you’re speaking with a healthcare provider about mental health issues or requesting a referral to a therapist. If cybercriminals intercept emails containing this information, they can sell it on the dark web to the highest bidder, who can then use that information to blackmail you or sell it to drug manufacturers who could then bombard you with targeted ads.
Healthcare records are especially valuable on black markets because they often contain information that criminals can use to steal your identity. This might include your birth date, Social Security number, medical conditions, height and weight. Criminals can use this information to take out credit cards or loans in your name. They might be able to use it to make fraudulent credit card purchases in your name, too.
You might conclude a virtual doctor’s visit by receiving your health records through email. Or maybe you’ll visit your medical provider’s online portal to access these records. Either way, savvy hackers may be able to steal the contents of your email messages or track the keystrokes you use to log onto your medical provider’s online portal.
Just as medical providers are required to protect consumer information, so are all business entities, including educational institutions like Daemen College. Due to the types of data collected, processed, and stored by Daemen, the college is subject to compliance and audit in regards to several areas of regulatory compliance.
How can I boost my privacy during online medical visits?
Ask your medical providers if they save your video sessions. Your healthcare providers should say “no” to this question. If doctors don’t save and store your video sessions, then hackers can’t access them and use them against you.
Use video-conferencing services that rely on encryption to protect your privacy. Encryption will scramble your video conferencing session into a format that is unreadable to anyone else. This can greatly decrease the chances that hackers will be able to access these sessions. Ask your healthcare providers if their virtual sessions feature end-to-end encryption. If your providers don’t know or their preferred means of virtual communication don’t include this protection, insist on using a video conferencing system that does.
Be careful what information you send in emails or text messages. It might seem convenient to send your doctor information about your health in an email or text. The same might be said about sending your Social Security number or health insurance information through these same channels. But resist that temptation. If you want to protect your privacy, only provide that information by phone or through a secure online portal. Don’t leave an electronic record of your personal or financial information.
Use a strong password for any online portals offered by your medical providers. The stronger the password, the less likely it is that cybercriminals will be able to break into your portal and steal your medical information.
Select the safest ways to have providers share medical information with you. You might tell doctors that you don’t want to receive health information by email or text, for instance, and would prefer phone calls, instead.
Be Wise About Wi-Fi. It’s highly recommended that you only have a telemedicine visit and/or share private health information over a secure network. Before you send personal information over your laptop or smartphone on a public wireless network in a coffee shop, library, airport, hotel, or other public place, see if your information will be protected.
Frequently updating all apps and operating systems, not just telehealth platforms. By having the most up to date software, your device will also have the most up to date security patches installed.
Enable anti-malware and virus scans to run at all times. The easiest way to protect your device is by having anti-malware running. This will help to protect your device, while an active virus scan will help to detect any attempt to compromise the safety of your device that the malware may have missed.