According to a report from the cybersecurity firm Sophos, ransomware attacks on healthcare organizations jumped from 34% in 2020 to 66% in 2021.
Ransomware attacks on healthcare organizations can be explained by one thing: data. Healthcare organizations have access to a lot of patients’ information, from health details to insurance and payment methods. Effective ransomware attacks can access confidential patient records and even cause a delay in patients accessing information that is critical for their health and wellbeing.
Those relying on remote patient monitoring software (RPM) are even more susceptible to cybercriminals.
The pandemic has caused more patients to connect to their healthcare providers remotely. The data collected and analyzed is comprehensive and, unfortunately, vulnerable to attackers. While organizations like health clinics can undergo frequent security checks, patients at home might be less alert. Their home computers and personal smartphones may not provide sufficient protection against cyberattacks.
If the attackers infiltrate the outgoing data from a patient, they can gain control of a health system and hold it for ransom, a situation that everyone, of course, wants to avoid.
Read on to find out the threats related to remote patient monitoring software and how to bolster the security of such a system.
Increasing threat to healthcare organizations
In 2018, Baylor Medical in Texas suffered a data breach through just one credit card transaction. The intrusion exposed the confidential data of nearly 47,000 patients and guarantors.
Also in 2018, a hacker attack on Singapore’s largest group of healthcare institutions compromised 1.5 million patient records, including the Prime Minister’s.
With an ever-increasing prevalence of remote patient monitoring software, patients often use smartphones to control medical devices such as insulin pumps. During COVID-19, smartphones also qualified for FDA certification to be set up with pulse oximetry sensors.
At the same time, physicians use smartphones to remotely assess patients. This constant smartphone use increases the security risks in a system. Phones, as opposed to computers, typically do not feature adequate protection and can be infiltrated by malware, man-in-the-middle (MITM), and other attacks.
Note that a phone does not need to be connected to the internet in order to be hacked. These infiltrations can be carried out via Bluetooth, radio waves, and other non-internet-based features.
How hackers compromise patient data
The most common methods of cyberattacks on healthcare systems and virtual health platforms are:
- Phishing: The most common cyberattack method is executed with a mass message. The message, usually an email, appears to be from a reliable source. Once a recipient opens the message, they’re influenced to either navigate to a website or download a malware file. Often a phishing email is directed toward specific recipients such as supervisors and managers, with personalized messages and links.
- Denial-of-service (DoS): During a DoS attack, the offenders overload a network with so much traffic that it becomes inaccessible. Used to damage an organization’s reputation or harm patients, a DoS attack can prevent teams from accessing patient data, even in emergency situations. Distributed denial-of-service (DDoS) is a subtype that uses several machines, making the attack even more challenging to stop.
- Privilege escalation: This method involves escalating a regular login into an administrative account. After a computer is infected by malware, administrative credentials are stolen and used to add privileges to the regular account. Administrative access can enable attackers to infect systems with more severe malware and even take control of remote patient monitoring software.
How to protect information when using RPM software
The best procedures to ensure the safety of patients’ information when using remote patient monitoring software are:
Multifactor authentication of identity
Healthcare providers and patients often access health records outside the network. A basic authentication system featuring user identity and password is vulnerable to attacks.
On the other hand, multi-factor authentication requiring at least two pieces of information reduces potential threats.
Along with a strong password, the additional security check could be a one-time password sent to the verified phone number. Or, to make the process simpler, the devices can also use biometric authentication via fingerprint, voice, or facial recognition.
Secure locked-down devices
Healthcare providers can collaborate with security vendors to provide secured mobile devices to remotely managed patients. While the “locked-down” tablets can have Bluetooth and Wi-Fi to relay data to providers, they shouldn’t be compatible with third-party apps or web browsers. The patient can then use wearables to input data.
Such devices will be practically invisible to attackers, and they will streamline the login process for users.
Network and data security
Accessing remote patient monitoring software through a virtual private network (VPN) can protect patients and clients from sharing data over insecure connections. The data can also be secured in databases using cloud encryption so that only authorized personnel can access it.
Remote patient monitoring tools for you
Despite the cybersecurity threats, remote health monitoring software is the need of the hour.
With an eight-year track record of remote healthcare monitoring, CoachCare caters to 3,000+ organizations, from independent practices to large health systems. With our years of experience and vast knowledge around cybersecurity, we can ensure peace of mind while using RPM for both patients and providers.