Telehealth is biggest threat to healthcare cybersecurity, says report

A new report released from SecurityScorecard and DarkOwl sees increased risk across application and endpoint security, IP reputation, patching cadence and network security.

Although a new report suggests that the healthcare industry slightly improved its security posture this year compared to last, it warns that increased provider reliance on telehealth since the COVID-19 pandemic now presents a new slate of risks to patient data.

The COVID-19 pandemic presented a multitude of juicy opportunities for bad actors, ranging from phishing attempts fueled by fear of the crisis to patchy work-from-home security practices.

The SecurityScorecard/DarkOwl report, which examined more than 30,000 healthcare organizations from September 2019 to April 2020, notes that the reliance on telehealth amplifies risk as well.

“The rapid pace at which telehealth applications were rolled out during the pandemic made them attractive targets for cybercriminals,” said Sam Kassoumeh, COO and cofounder of SecurityScorecard in a statement provided to Healthcare IT News.

“Patients connect with telehealth providers using web-based applications that include structured and unstructured data. With the exponential increase in use of these applications, cybercriminals targeted them more purposefully,” researchers wrote.                     

“The starkest increase in mentions of telehealth keywords was observed from the second to the third week of March, when there was a 144% increase,” according to the report.

Report authors also flagged endpoint security – including medical devices and COVID diagnostic devices – as a major concern.

Reference:

https://securityscorecard.com/resources/healthcare-industry-telehealth-cybersecurity-risks-report