Telemedicine Security Challenges and Solutions
Time: Friday, April 16, 2:00pm - 2:20pm EDT
Location: Patient Safety Research and Initiatives
In 2018, cybersecurity was named one of the greatest challenges in the healthcare industry (Healthcare Executive Group, 2018). Since then, the proliferation of telemedicine spurred by the COVID-19 pandemic has further exacerbated those challenges and drawn attention to them. As of 2020, fewer than half of providers across the healthcare continuum meet standards put forth by the National Institute of Standards and Technology (NIST) cybersecurity framework (Cynergistek, 2020). With the addition of virtual care, healthcare infrastructure has increased its digital footprint and attack surface, while many security measures have yet to catch up.
Sophisticated attackers have evolved their tactics, capitalizing on vulnerabilities associated with COVID-19. A Microsoft report names healthcare providers and hospitals, as well as consumers, as the most popular targets during the pandemic (2020). There has been an influx of mentions of telemedicine companies on the dark web since February, with many cybercriminals homing in on the healthcare data selling space (Security Scorecard, 2020). Medical credentials are far more valuable than credit card data on the black market, yielding over $1,000 USD (Wani et al., 2020). Meager cybersecurity progress combined with a surge of telemedicine practices and valuable patient data ensures that the healthcare industry will remain easy prey unless serious preventative measures are taken. As the transition from traditional care continues to develop, this work seeks to better understand emerging vulnerabilities, identify crucial cyber hygiene practices, and communicate prescriptive guidance to the healthcare community. Below we outline our systematic literature review, coding process, and anticipated results.
The aim of this study is to investigate the challenges and solutions of telemedicine security by reviewing the literature. Systematic literature reviews have been used widely in the domain of human factors, but often fall short of providing a complete picture as they ignore “gray literature,” which is often produced by practitioners outside of typical academic settings. With the incorporation of gray literature, we reduce the gap between academia and industry, incorporate perspectives that may be missing from peer-reviewed research, and provide practical insights about telemedicine and security. Here, we present a literature review that includes both formal academic literature and gray literature.
Our research team used the search terms “security” and “telemedicine” in the following databases: PubMed, Scopus, and Web of Science. Given that the healthcare security landscape has seen significant changes in a short amount of time, we collected articles from January 2017 through December 2020 to ensure practical relevance. Our gray literature search followed guidelines set by Garousi et al. (2019) and employed the same search criteria as the formal review. First, specialized and credible health IT sources, including magazines, databases, and news sources such as Xtelligent Healthcare Media, Pulse IT Communications, and HIMSS Media, were searched. Second, literature resources found through Google that passed quality assessment were considered, such as white papers and reports, national healthcare department guidelines and policies, telemedicine market research reports, and frameworks from reputable resources and organizations. The top 100 Google search results were considered as they provided a sufficient sample, and a noticeable saturation of concepts occurred beyond this. This literature review captured an initial search of 2,349 documents.
We evaluated selected articles using a systematic approach, codebook, and spreadsheet. A consensus on how to extract information will be reached by the team coding a small sample of articles together. Gray literature documents will be assessed by authority of source, method, date, objectivity, novelty, and impact (Garousi et al., 2019). A deductive thematic analysis will be conducted to organize the findings based on the People Policy Technology framework (Schlarman, 2001).
Coding and analysis are underway, and the following are initial results regarding people, policy, and technology challenges and solutions for telemedicine security. People-related challenges associated with telemedicine are plentiful, including human error and system misuse. These challenges can be mitigated by implementing standard cyber hygiene practices, education and training, and instilling a sense of security culture. Policy-related challenges include a lack of clarity regarding data ownership, data protection, and maintaining legislative compliance. Solutions include defining telemedicine protocols and updating them regularly, reporting incidents and breaches, and performing regular risk assessments. Technology-related challenges include weak authentication mechanisms, vulnerable devices, and data storage. Solutions include multi-factor authentication, network monitoring, and using secure communication platforms. Final results from our literature review will further provide prescriptive guidance on how we can mitigate some of the greatest vulnerabilities in healthcare.