Security Assurance in the Expanding Telemedicine Landscape

The following is a guest article by Sonia Arista, Healthcare CISO at Fortinet.

As with other industries, healthcare continues to thrive thanks to new technologies, including telemedicine. By offering this service, medical professionals can monitor the wellbeing of their patients remotely, something that has proven to be a critical service in today’s health landscape. For those that are unable to get to a care center for any number of reasons, telemedicine has and continues to play an important role in protecting the public, especially amid rising health concerns. This is further illustrated by the fact that the value of telemedicine is projected to grow to $130.5 billion by 2025.

Cyber Risks Associated with Telemedicine

While the benefits of this practice are clear for the healthcare industry, it is also worth noting the cyber risks that telemedicine poses. One concern goes back to how telemedicine itself functions – physical devices, software, and applications working together to connect remote patients and even multiple networks to a healthcare provider. As data is in transit between these networks, it can be susceptible to cyberattacks that could lead to a misdiagnosis, not only impacting trust and communication, but impacting the health and well-being of the patient seeking care.

In order to avoid this scenario, healthcare IT teams must not only focus on bandwidth and network performance but also the security implications of having these factors working in conjunction with each other.

Third-Party Risks

When connecting with their doctors remotely, whether through a messaging app or video chat, patients are using personal devices that may be connected to public WiFi networks. It is the lack of visibility and, oftentimes, security of these networks that enables cyber criminals to gain access to healthcare systems. In addition to impacting the compliance of the healthcare organization in question, this type of breach could put patients, their data, and their level of care at risk.

Internal Risks

Effectively securing telemedicine efforts not only requires healthcare organizations to look to their patients but also their employees and the risks they may pose. With a remote workforce becoming more prevalent, especially due to recent events, there is the possibility for security to become less of a priority when compared to maintaining business continuity as employees experience a shift in their normal routines and location.

While the remote workforce and telemedicine practices are not fully comparable, in the sense that medical practitioners may still be working in their normal office environment while treating patients remotely, both highlight ways for cyber criminals to exploit vulnerabilities. In both scenarios, there is a chance that users will not be required to take the extra step and go beyond entering a password to access valuable data. Without proper controls in place around authentication and credentials validation, cyber criminals can enter networks, oftentimes unnoticed, and get what they came for before anybody becomes the wiser.

Taking the Steps to Secure Telemedicine

With an understanding of the risks that telemedicine can pose to healthcare networks, employees, and patients, organizations need to adopt the tools they need to secure this practice. In addition to encouraging employees to implement more effective password security practices, IT teams should also consider solutions that work together to achieve the following:

  • Multifactor authentication: By requiring more than just a password, organizations can ensure that unauthorized users are unable to gain access to the network and the valuable data it holds.
  • Data loss prevention (DLP): When choosing a solution, healthcare organizations should emphasize this functionality, especially for those devices which are frequently used to access sensitive data, such as protected health information (PHI).
  • Advanced threat protection: IT teams should have the ability to analyze suspicious content, including malware, within their network environment before it can reach its intended destination.
  • Secure wireless connectivity: While healthcare organizations may not have control over the security of patient networks, they should still look for a solution that secures wireless access within their own networks, featuring full integration and configuration within a single pane of glass solution for maximum visibility and control.
  • Secure telephony: Even when speaking with patients over the phone, the security of communications should not be any less of a priority than if they were text messaging or video chatting. IT teams should look for a solution that secures, manages, and monitors this telephone traffic.

What’s Next for Telemedicine?

The world is experiencing a shift in the public health landscape, one that has led both doctors and patients to rely on technology and remote communications more than ever. In this time of constant change, the role of telemedicine in healthcare cannot be understated. For individuals to truly benefit from this practice, however, healthcare organizations must take appropriate steps by working with their employees and adopting solutions that are designed to keep communications and data as secure as possible.

About Fortinet

Fortinet (NASDAQ: FTNT) secures the largest enterprise, service provider, and government organizations around the world. Seven of the 10 largest U.S. health systems and global life sciences organizations rely on Fortinet’s industry-leading network security, threat intelligence and analytics to protect their most valuable asset: patient data. Fortinet Security Fabric architecture can deliver security without compromise to address the most critical security challenges, whether in networked, application, cloud or mobile environments. Worldwide, more than 425,000 customers trust Fortinet to protect their businesses. Learn more about Fortinet Healthcare Solutions at