The coronavirus pandemic has encouraged many changes in the health-care sector, far beyond management of the disease itself. The emergence of telehealth as an attractive, practical option in a socially distanced world could permanently alter the way we provide and receive medical services. But like many medical innovations, tele-health also opens up a lucrative opportunity for cybercriminals.
Telehealth uses technology to digitally connect patients with their care providers, who can deliver advice, diagnoses and even some forms of treatment virtually. Practitioners can use these applications to create digitized notes, helping them meet standards for the upkeep of electronic health records. Telehealth has also spurred the development of ‘virtual rooming assistants’, which can admit patients into digital exam rooms and note medical histories, improving the efficiency of providers.
As businesses take advantage of the benefits of telehealth, they may be unaware that they also face an increased risk of cyber liability. The digital transfer of information between patient and provider, followed by the online storage of healthcare data, can be a tempting draw for cybercriminals. Theft of healthcare records is arguably the most lucrative form of cybercrime; a healthcare data record can be valued at up to $250 on the illegal market. By comparison, a payment card is valued at just $5.40, according to Trustwave.
This highly personal information can be harvested and sold to forgers, human traf-fickers or those looking to exploit it for a ransom. According to the US National Library of Medicine, 41.2 million healthcare records were exposed, stolen or illegally disclosed in 2019 alone.
There are a few crucial ways that health-care providers can combat this threat. Businesses should check their networks for vulnerabilities and ensure that any home devices, in particular, are up to date with he latest firewalls. Any device that is using Windows 7 should be prioritized for an update, as the discontinued operating system is no longer offering security updates and is at greater risk of viruses and malware.
“The digital transfer of information between patient and provider, followed by the online storage of healthcare data, can be a tempting draw for cybercriminals”
In addition, one of the most effective tools to prevent cyber incidents is cybersecurity education. The rise in COVID-19-related phishing emails offering in-demand items, including N95 masks and ventilators, could be stymied by training employees on what to look for to avoid an attack.
Mitigating the damage if a cyberattack occurs is also imperative. Cyber insurance coverage can include emergency response tools and training resources to reduce the impact of a breach on a provider’s bottom line, and it can be conveniently packaged with professional and general liability poli-cies. Packaging cyber coverage with other types of insurance minimizes the chance that a claim falls uncovered into the cracks between carriers.
When comparing cyber coverage, health-care providers and their brokers should keep in mind that endorsements and add-on coverages, while more cost-effective, are not typically designed to provide the full breadth of cyber protection. Look for an insurer that has expertise in both cyber and healthcare liability, and when discussing coverage, ensure that the services and operations planned over the policy period are clearly communicated to obtain suitable protection. As a result of COVID-19, carriers are looking to limit their exposure to similar large-scale events, so it’s also important to review communicable disease exclusions to determine the types of claims and loss amounts a policy covers.
The pandemic has revealed our capability to adapt, evolve and triumph under immense pressure, and the healthcare industry is a perfect example. Even when some busi-nesses return to brick-and-mortar locations, virtual services will continue to be a source of revenue for healthcare providers and will remain a convenient choice for patients. The pervasiveness of telehealth will depend on the willingness of health insurers to reimburse for visits over a virtual platform, the extension of temporary directives under state and federal regulation, and, ultimately, on providers’ commitment to protecting themselves and their patients by minimizing cyber risks.