Summary: HHS’s Health Sector Cybersecurity Coordination Center issued guidance on telehealth cybersecurity. Telehealth platforms can increase providers’ attack surfaces, potentially exposing patient data to breaches, ransomware, and phishing. Recommendations include segmentation, encryption, multi-factor authentication, and zero-trust architecture to secure networks, minimize risks, and safeguard confidential patient information.
Key Takeaways:
- Telehealth solutions expand health care providers’ digital vulnerabilities, requiring robust measures like network segmentation and encryption.
- Adopting multi-factor authentication and zero-trust principles helps reduce cyber threats and better protects patient data in remote care settings.
The Department of Health and Human Services (HHS) Health Sector Cybersecurity Coordination Center released guidance on cybersecurity for telehealth applications.
Challenges in Securing Telehealth Platforms
The guide highlights the challenges of securing telehealth platforms due to vulnerabilities that can expose them to a range of cyberattacks, such as data breaches, structured query language attacks, ransomware, phishing and more.
“As health care providers integrate telehealth platforms to better serve patients remotely and improve patient outcomes, especially for patients in rural or underserved areas, cyber adversaries consider these platforms an extension of a provider’s ‘attack surface,’” said John Riggi, American Hospital Association national advisor for cybersecurity and risk.
RELATED: Joint Commission Launches New Telehealth Accreditation Program
Recommendations for Protecting Patient Information
The guide also lists several ways to secure and protect patient information.
“If not properly secured and network segmented, the telehealth platform’s technical infrastructure may be visible and accessible on the internet and provide access to a provider’s main networks,” said Riggi. “Using multi-factor authentication, zero-trust architecture, robust encryption and other steps recommended in the advisory will help protect provider networks and patient data.”
For the latest cyber and risk resources and threat intelligence from the AHA, visit aha.org/cybersecurity.