A new Kaspersky report shows that the substantial growth in telehealth has put healthcare information at risk. Vulnerabilities were discovered in the systems used for telemedicine, many of which have yet to be resolved.
Substantial Growth in Using Telehealth
The COVID-19 pandemic contributed to a growth in virtual appointments, with healthcare companies expanding telehealth access to help control infections and reduce healthcare costs. Virtual appointments are conducted by phone, through video-conferencing applications, and on other platforms. A number of new systems and products, such as wearable devices for measuring vital signs, implanted sensors, and web services, are likewise being used to support telehealth.
Information from McKinsey indicates telemedicine utilization has gone up by 38% since the beginning of the SARS-CoV-2 and COVID-19 outbreak, and the CDC states that from June 26, 2020 to November 6, 2020, approximately 30% of all doctor consultations took place virtually. Kaspersky states that its own records reveal 91% of healthcare companies worldwide have used telehealth technology.
Telehealth has practically been a lifesaver throughout the pandemic; nevertheless, using new technologies carries risks. Many of the products and services currently used for telehealth include a number of third-party resources that have not been confirmed to have the safeguards required to protect the confidentiality, availability, and integrity of healthcare information, and they may be putting patient data at risk.
Kaspersky stated that the fast digitalization of healthcare services and the large volume of sensitive and valuable patient information collected, stored, or transmitted by these new medical systems has certainly been noticed by cybercriminals, who are seeking to take advantage of vulnerabilities. The research was conducted to examine the security landscape of telehealth in 2020 and 2021 and determine the extent to which healthcare information is being endangered.
Review of Telehealth Apps and Similar Technology
In 2021, Kaspersky analyzed 50 of the most commonly used applications for delivering telehealth services to identify vulnerabilities that could be exploited to gain access to patient data, and looked for malicious code used to imitate those apps or steal information from them. No vulnerabilities were discovered in the 50 apps, though that doesn’t mean there are none, only that the researchers did not find any. Deeper studies of those applications may reveal vulnerabilities.
Another sad fact is that smaller organizations, such as start-ups, simply don’t have sufficient staff and resources to manage the quality and security of their programs. Consequently, such apps may have many as yet unidentified vulnerabilities that cybercriminals could discover and use.
The researchers then investigated wearable devices and sensors, which are frequently used along with telemedicine, and in particular MQTT, the protocol most often used for transmitting information from wearable devices and sensors.
According to the Kaspersky report "Telehealth: A New Frontier in Medicine and Security", MQTT does not require authentication for information transfers, and even when authentication is put in place, data are transmitted in plain text without encryption, so MQTT is vulnerable to man-in-the-middle (MITM) attacks that give access to the transmitted information. When a device is exposed to the internet, data transmissions through MQTT can easily be intercepted.
As per Kaspersky, from 2016 to 2021, 87 vulnerabilities were found in MQTT, and 57 of the vulnerabilities were ranked critical or high-severity. Many of those vulnerabilities have no patches yet.
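What plain-text transmission means in practice can be seen by decoding an MQTT CONNECT packet the way a network monitor on the path would. This is an added example, not code from the Kaspersky report; the packets, device names and password are constructed, and only MQTT 3.1.1 is handled.

```python
import struct

# Constructed MQTT 3.1.1 CONNECT packets; device names and secret are made up.
AUTH_CONNECT = (b"\x10\x28\x00\x04MQTT\x04\xc2\x00\x3c\x00\x0d" b"bp-monitor-01"
                b"\x00\x05nurse\x00\x06s3cret")
ANON_CONNECT = b"\x10\x16\x00\x04MQTT\x04\x02\x00\x3c\x00\x0a" b"pulse-ox-7"

def read_varint(buf, pos):  # MQTT 'remaining length', 1 to 4 bytes
    value = 0
    for shift in (0, 7, 14, 21):
        if pos >= len(buf):
            raise ValueError("truncated remaining length")
        value |= (buf[pos] & 0x7F) << shift
        if not buf[pos] & 0x80:
            return value, pos + 1
        pos += 1
    raise ValueError("remaining length longer than 4 bytes")

def read_field(buf, pos):  # one field with a 2-byte big-endian length prefix
    if pos + 2 > len(buf):
        raise ValueError("truncated length prefix")
    (size,) = struct.unpack_from("!H", buf, pos)
    end = pos + 2 + size
    if end > len(buf):
        raise ValueError("field runs past end of packet")
    return buf[pos + 2:end], end

def parse_connect(packet):
    """Return the fields readable from a CONNECT sent without TLS."""
    if not packet or packet[0] != 0x10:
        raise ValueError("not a CONNECT packet")
    remaining, pos = read_varint(packet, 1)
    body = packet[pos:pos + remaining]
    if len(body) != remaining:
        raise ValueError("truncated packet")
    proto, p = read_field(body, 0)
    if len(body) < p + 4 or proto != b"MQTT" or body[p] != 4:
        raise ValueError("only MQTT 3.1.1 is handled here")
    flags = body[p + 1]
    client_id, p = read_field(body, p + 4)     # skip level, flags, keep-alive
    for _ in range(2 if flags & 0x04 else 0):  # will topic, will message
        _, p = read_field(body, p)
    username = password = None
    if flags & 0x80:                           # username flag set
        username, p = read_field(body, p)
    if flags & 0x40:                           # password flag set
        password, p = read_field(body, p)
    return {"client_id": client_id, "username": username,
            "password": password, "anonymous": username is None}
```

Carried over TLS (conventionally port 8883), the same bytes sit inside an encrypted record, and a broker configured to refuse clients without credentials closes the anonymous case.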
Kaspersky states that Qualcomm Snapdragon Wearable, the most popular wearable device platform, is peppered with vulnerabilities. Since the platform launched in 2020, over 400 bugs have been discovered, many of which have no patches yet. Several vulnerabilities were likewise discovered in other wearable devices by vendors.
Cybercriminals Are Seeking to Take Advantage of Vulnerabilities to Access Patient Information
Kaspersky cautions that cybercriminals are increasingly using medical subjects in their phishing activities. From June 2021 to December 2021, over 150,000 phishing attacks were discovered that used medical subjects as bait, and as the digitization of medical care increases, that tendency will likely continue to grow.
Telehealth will likely continue to be used to deliver patient care for many years, and there are calls to make the telehealth flexibilities introduced in response to the pandemic permanent. It is consequently essential for software developers and makers of wearable devices, along with the healthcare providers that use them, to know about the security threats linked to the technology.
Developers must be mindful of vulnerabilities that may be exploited to gain access to patient information and ought to employ proper safeguards to keep information secure. Users of telemedicine services, particularly frontline staff who have a say in the systems and devices used for telehealth, ought to review the security of each application or product and take action to protect their accounts using strong passwords and multifactor authentication.
It was expected that 2021 would see increased collaboration between the healthcare sector and IT security experts. But the intense growth of telemedicine has introduced new problems to this effort that have yet to be resolved.