The telehealth landscape and its security implications

The greater role of technology around diagnosis, use and sharing of data and professional responsibility in healthcare settings continue to show phenomenal innovation and growth. It is reported that telehealth has reached growth levels 38 times higher than pre-pandemic, which is still greater than many experts previously expected.[1]

The landscape and adoption of telehealth has grown, as both demand and need have grown. Patients have become used to remote medical consultations and shown the future of more convenient technology-led care. The wide-spread arrival of smarter and more interconnected devices has also left a positive impact on the outcomes for patients.

Nevertheless, it does mean there is a greater responsibility for the organisations supplying these services, and they must prepare for emerging exposures and risks. The range of interconnected services and devices will only continue to grow, as will risk, however. This creates new challenges for healthcare businesses and insurers alike.

Data and Patient Privacy

In terms of privacy and confidentiality, consultations need to maintain all standards as an in-person appointment. The storing, transmitting and sharing of data, must be tightly controlled to ensure that patient information is secure. Such information will be very keenly sought by cybercriminals, making companies that hold it - a prime target for extortion and ransomware. Unfortunately, any data compromise could have security and patient safety implications. These all mean the businesses need to be able to act quickly if and when things may go wrong.  This is where working with a specialist insurance broker, who understand the risks fully, can help to ensure any breaches are handled properly and correctly, including notifying any relevant authorities.

As we already noted, interconnected devices and software could have downsides and weaknesses. However, the benefits of such devices are immeasurable and have positive impacts in many areas. Therefore, it is essential that those involved in digital health devices, apps and services try to mitigate exposures and look to protect users and patients at all times.

We have seen not long ago the impact of a ransomware attack on the NHS, that took place in August, 2022. Different parts and services within the health provider were affected, such as ambulance dispatch, patient referrals, out-of-hours appointment booking, emergency prescriptions and software used by mental health trusts.[2]

Some concerning statistics from risk consultancy Kroll show that cyber-attacks on health organisations worldwide increased 90% from the first three months of 2022 to the three months ending June.[3]

This goes to show that the provision of services of such nature requires a long-term approach to the prevention of cyber-attacks and strategies in place in the event of a cyber-incident. This has a number of benefits:

• Limits the chance of a claim
• Avoids resultant reputational damage and harm
• Avoids all the resultant negative impacts of such attack on services and systems
• Keeps users and patients safe

In summary, everyone can agree on the importance of having set appropriate measures to the many and very unique risks you could face in the digital healthcare sector. But if you think you lack the necessary safeguards to protect you and your clients/patients, you should give careful consideration to the valuable assets you hold, whether data and information or tech, and consequently - the risks you’ve exposed yourself and your stakeholders to.