By Brad Smith (technology expert, TurnOnVPN, a non-profit organization focusing on a free and unimpeded internet for all)
During the COVID pandemic, many patients were stuck at home, left with no way to make their regular medical appointments. For this very reason, many doctors, therapists, and psychiatrists began emphasizing the importance of telehealth.
According to JAMA Network Open, telehealth services saw a greater than 1000% increase last March—around the time the pandemic started.
With telehealth, patients could continue their regular appointments with little hindrance, medical resources on-site wouldn’t be so strained, and it would be easier than ever for doctors and patients to communicate with each other.
Dangers Facing Telehealth Patients
All that said, telehealth patients need to be careful when using telehealth services. Why? Cybercriminals have begun focusing on telehealth services in a couple of ways.
Note that these risks affect patients more so than medical practices. The reason being that, while medical practices are required to pay attention to cybersecurity and follow HIPAA Compliance, patients are often caught lacking in the cybersecurity department.
Let’s start by talking about data breaches. If neither the patient nor the medical staff neglect proper cybersecurity, it becomes easy for a cybercriminal to breach both parties’ data.
For example, an unsecured call opens both the patient and staff up to a man-in-the-middle attack, a practice where a cybercriminal listens in on a call and intercepts the data transfer between both parties. Patients are especially vulnerable to this if they are not on a secure network.
If cybercriminals have learned one thing, it’s that phishing scams, unfortunately, work. The reason for this is that when it comes to serious topics like anything regarding a patient’s health, they will respond before they verify the source of the email.
Typically, phishing scams will ask for personal information or take the patient to an online form where they will fill out a form with tons of their personal information (their social security number, for example).
How Patients Can Secure Their Devices
Fortunately, there are plenty of ways that patients can secure their data while using telehealth services. Today, let’s go over three of the best ways to do so.
1. Encrypt Their Connection
To avoid data breaches (on the patient’s end) and man-in-the-middle attacks, it is recommended that all telehealth patients encrypt their connections. This means strengthening the security of their network and encrypting the data their device sends out during a telehealth visit.
Modern home networks often come with good encryption, so patients should mainly focus on encrypting their device’s data with a VPN, a Virtual Private Network. What a VPN does is actively encrypt the data your device sends out and anonymizes your presence on a network, making it a perfect solution for active data encryption.
2. Use Strong Passwords for Telehealth-Related Accounts
Many doctors use services like MyChart to make patient communication easier. Messages, test results, and notes: telehealth services like MyChart are useful for both patients and medical staff. And since private patient information is shared on these services, patients often need to create accounts and secure their accounts with a password.
That said, some patients probably don’t use as strong of a password as they should. If you use an online telehealth service, make sure that your password is strong enough that a cybercriminal can’t guess it.
3. Scan Their Device(s) for Malware
Patients need to routinely check their devices for malware. Since certain types of malware—spyware and keyloggers being major culprits—can often go undetected for extended periods of time, performing routine scans will help patients stay secure, especially during telehealth visits.
With a rise in telehealth comes a rise in cybercriminals targeting patients with scams and cyber-attacks. To stay safe, patients need to do the best they can to secure their devices, which means using strong passwords, scanning their devices for threats, and encrypting their data.