The COVID-19 pandemic has resulted in a rapid increase in the use of online services to do everything from shop for groceries to see a doctor.
While being able to see a doctor without having to leave home is convenient, there are risks—especially when it comes to cybersecurity. A new study from SecurityScorecard and DarkOwl warns that, while the healthcare industry did improve its cybersecurity practices this year compared to last, the fast rise of telehealth has introduced a new slate of risks to patient data.
"The rapid pace at which telehealth applications were rolled out during the pandemic made them attractive targets for cybercriminals," said Sam Kassoumeh, COO and Co-Founder of SecurityScorecard, in a statement. "Our report findings illustrate that in order for the healthcare industry to protect patient and provider data, vetting and enforcing security protocols around new technology providers remains paramount.”
Researchers analyzed security alerts sent to IT staff at 148 of the most popular telehealth apps and discovered that they increased by as much as 30% from March through April, compared to September 2019 through February 2020. In healthcare, a 77% decrease in “IP reputation security alerts" was reported, while telehealth vendors reported an increase of 117%.
The study went on to report that criminals have been using a range of attack methods, including a 65% increase in patching cadence findings and a 56% boost in endpoint security findings. Researchers also found an increase in discussion regarding telehealth apps and credentials on dark web markets and hacker forums, as well as malicious code being shared via criminal forums.
Experts, however, do not believe telehealth will go away after the pandemic, so cybersecurity will need to remain a top priority for vendors, health systems, and patients. It is no surprise that spending on cybersecurity is expected to grow, with eight of ten cybersecurity markets projected to grow faster than the market average.
In the meantime, consumers can protect their information by avoiding responding to potential phishing emails, using reputable telehealth companies and services, monitoring their accounts, and running cybersecurity software on their devices.