Between May 2020 and April 2021, more than 34 million healthcare records were breached, nearly a third of which occurred in the first four months of 2021. It’s a troubling trend that is growing. The Department of Health and Humans Services (HHS) reports that there were 300 data breaches within healthcare organizations between January 1, 2022, and July 27, 2022.
Not only have these breaches put millions of Americans at risk, but it has also cost healthcare entities millions in lawsuits. According to a report by IBM, the average cost of a healthcare data breach on a U.S. healthcare organization is $8.64 million.
Cybersecurity and Telehealth
The increased adoption of telehealth, brought about by the pandemic, has led to increased security concerns. As healthcare providers quickly rolled out their telehealth solutions, they also increased their digital footprints at a time when traditional risk management and oversight procedures were severely challenged.
A report by SecurityScorecard found that in 2020 telehealth providers “experienced a nearly exponential increase in targeted attacks as popularity skyrocketed, including a 30% increase of cybersecurity findings per domain.” According to the report, the increase in “IP address reputation findings” for telehealth providers increased 117%.
Protecting your organization with A Secure Telehealth Platform
While in-person visits have once again become the norm, many providers have chosen to keep telehealth as a part of their ongoing service offerings. The workflows are in place and patients like having telehealth as an option for their nonurgent care. We also now have evidence that telehealth can deliver “as good as or better than usual care” outcomes for specific populations. And this is in addition to reduced costs and expanded access to care.
How can provider organizations protect their telehealth solutions from cyber criminals while still maintaining the benefit of telehealth? Following are guidelines for doing just that.
Employee error and lax internal security practices are common factors leading to a data breach. Since more employees are working from home on a permanent basis, the importance of education is greater than ever. They must understand how to secure their work environments—at home or in the office—to avoid cyber threats. Basic cybersecurity training should include:
- How to manage WPA2 settings on home wi-fi routers
- The importance of changing all passwords, including those on a home router
- How to keep software and devices updated
- Best practices for protecting personal and professional information
- How to recognize phishing emails and suspicious links
- Using gatekeeping protocols to keep uninvited guests out of virtual meetings
Secure deployment of video solutions
Many organizations overlook the risk brought about through recorded meetings viewable on the web—namely meeting-bombing. One of the best ways to mitigate this threat is by deploying their video solution on a private instance to provide the highest level of control. This includes true on-premises, private cloud, and hybrid instances. A multitenant cloud system also provides flexibility but with less controls for IT administration.
Ensure vendor compliance
When it comes to secure video communication, healthcare organizations should conduct vendor due diligence. This is especially important when choosing a new telemedicine solutions provider. The best secure telehealth platform will have the requisite technology and policies in place to protect data and privacy. Those security factors should include:
- Built-in protections for secure access and call participant identity verification
- Partnerships with vetted and approved webservice providers
- Transparent privacy and data use policies
- Machine-to-machine encryption for endpoint and server communications
- Compliance with NIST guidelines and ISO 27001
- Compliance with GDPR, California Consumer Privacy Act, NYS SHIELD Act, and other relevant regulations
The next steps for Secure Telehealth Platform
Bad actors aren’t going away and their efforts to infiltrate as many healthcare systems as possible are likely to grow exponentially. With the increased adoption of telehealth, it is crucial that healthcare organizations partner with telehealth solutions providers that ensure cyber security throughout their entire platform. VidyoConnect from VidyoHealth is a great choice.
VidyoConnect is a state-of-the-art video conferencing platform with unmatched quality, security and reliability. As opposed to security as a feature, the VidyoConnect’s secure telehealth platform adheres to the highest security standards to protect the sensitive information of the organizations that rely on our service.
- HIPAA compliant
- Exceeds industry encryption standards
- HTTPS with certificate support on login
- Encrypted tokens for session security
- Signaling and media encryption
- Spoof prevention, component authentication, session security
VidyoHealth maintains an information security governance policy that controls the way the confidentiality, integrity, and availability of your information is handled, thereby preventing misuse and malicious damage that could impact both your organizations and your patients.
Learn more about VidyoConnect and why more than 4,000 healthcare providers put their trust in VidyoHealth for their telehealth needs here.