The Privacy Risks of Telehealth and What You Can Do To Protect Your Privacy

In the current COVID-19 world, telehealth and the Internet of Medical Things (IoMT) are booming but the healthcare industry is unsurprisingly under unprecedented levels of cyberattack

If you’re a telehealth patient or you use an Internet-connected medical device like a smart continuous blood glucose monitor or connected asthma inhaler at home, you might be rightly concerned about the privacy and security of the personal information you share. It pays to understand the problem and what you as a consumer can do about it.

Telehealth is booming   

The COVID-19 global pandemic has seen consumer adoption of telehealth take off, from 11 per cent of US consumers using it in 2019 to 46 per cent of consumers using it now, and 76 per cent interested in using it in future. Other countries are seeing similar uptakes. US healthcare providers have rushed through virtual delivery options in 2020 and are now seeing up to 175 times the number of patients via telehealth than they saw previously.

Massive advances in remote medical devices and the greater necessity to use them given restrictions on in-person care have also helped to rapidly expand telehealth globally. As this author says, ‘Technology and adoption have collided, at the onslaught of a pandemic, no less.’

But of course more virtual healthcare delivery and more connected devices increases the healthcare industry’s cyber ‘attack surface’, and it’s important that you know what’s at stake when you connect to a medical environment or device from home.  

Telehealth has plenty of upsides—greater convenience and improved or more timely access to care, better follow-up care, better patient outcomes, and a more efficient healthcare system—but the data privacy and security risks are real. A recent Deloitte survey found deep concern in the medical profession over the security and privacy implications of telehealth. Consumers are reporting trust issues with the technologies and systems too—and for good reason.

Telehealth is under cyberattack

The healthcare industry is in the process of rolling out a collective $65 billion in cyber defense systems, but hacking attacks and data breaches in this data-rich environment are staggeringly frequent. 

Like other data breaches, healthcare data breaches are raging. In 2019, a reported 40 million Americans were caught up in a healthcare data breach, far more than the 18 million reported for 2018. And while the healthcare data breaches to date are not among the largest data breaches on record, they can be incredibly damaging because of the highly sensitive information they expose. But it’s important to note that breaches due to negligence (errors within the organization) happen twice as often as malicious attacks. 

Symantec reports many servers hosting healthcare records are unprotected or easily accessible, and the situation is worsening. The healthcare industry is struggling to protect patient records: in 2019, data breaches and ransomware attacks cost the US health sector about $4 billion. Other countries, such as the United Kingdom and Singapore, are experiencing the same issue. Some argue that in this global pandemic, telehealth ‘security is taking a back seat to usability’. 

Cybercriminals are after medical records. They value your medical data much more than your credit card, because your medical records contain loads of personal information, much of which they can use for identity theft, to fraudulently obtain medications, medical services, and medical benefits in your name. But they have other motivations too, including patient harm and critical infrastructure chaos. For a quick summary of the healthcare data risk situation, check out this short report.

Where do you fit in all this?

As a patient during a pandemic, or a consumer in a remote or regional location, remotely accessing your medical support might be your only option, or the convenience or other benefits of telehealth might suit you enormously. But given the current cybersecurity risk landscape, the privacy and security of your personal data can’t be guaranteed. 

Of course, you can’t control this risk or your health providers’ response to it and, over time, it’s likely the healthcare industry and regulators will fix some of the issues we’re seeing. But as a consumer you can take your own action and be proactive in managing the privacy and security of your personal information using the tools and knowledge you have available (recognizing that nothing can be perfect).

Here are some concrete steps you can take to protect your privacy in telehealth:

  1. If you’re in the United States, make sure your healthcare provider is using a telehealth solution (e.g. video and messaging apps) that meet the strict standards of the Health Insurance Portability and Accountability Act (HIPAA). Here are some questions to ask. Outside the US, check the equivalent requirements for your country.
  2. Stay on top of software updates on all devices. 
  3. Create strong passwords and protect them using a password manager.
  4. Use antivirus and firewall software.
  5. Enable two-factor authentication if available (a second factor on top of username and password).
  6. Set up a ‘Medical Sudo’ profile in MySudo and use it to safeguard and silo your medical and healthcare communications, browsing history, and online payments. 

What you can do with a Medical Sudo profile

When you set up a Sudo profile for any purpose (shopping, socializing, selling secondhand goods, booking travel etc.), you select a real working phone number and email as alternatives to your personal ones, a private browser and the option to set up virtual cards. This means you can:

  • Call, text, and email anyone without giving up your private details. For example, if a telehealth service is delivered over regular telephony services, you can use MySudo instead of your regular cell phone if you would like to keep that activity privately siloed and organized.
  • Search the internet without ads and pop-ups using the private browser.
  • Pay online with your virtual card without worrying about tracking (by your health insurer, for example) or hacking.

You’ll find loads more information about how to use MySudo, the world’s only all-in-one privacy app, on our blog.

MySudo is available for iOS and Android. Download it today.