The telemedicine has grown considerably during the pandemic, thanks to the digitization of the health sector. However, this carries risks, due to the sensitive nature of personal information that is collected, shared and stored, of particular interest to cybercriminals.
Data such as a medical history can be sold on the DarkWeb for just over 1 euro and used for extortion, running scams and phishing schemes, and direct money theft. To find out if the massive transition to telemedicine is evolving at the same rate as security measures, Kaspersky has conducted a study among healthcare organizations in 34 countries (including Spain). The research shows that to face a new era of digital medicine it is necessary to reinforce cybersecurity measures.
Even though our country is in the lead Regarding telemedicine services – 100% of the medical organizations consulted have already implemented them, compared to 91% in Europe and 93% in the rest of the world – the concern for security and privacy remains significant. According to the Kaspersky research data, in Spain 37% of the health companies surveyed have experienced cases in which patients have refused to have a video call with medical personnel for privacy or data security reasons.
Likewise, 75% of Spanish health service providers state that the doctors in their organization have expressed their concern for the protection of patient data when conducting sessions remotely and only 31% are very sure that their organization has the necessary security measures in place. Despite the existing difficulties related to its safety, doctors believe that data collection is one of the most important aspects in the development of medical technology. In fact, 80% agree that the sector needs to collect more personal information than it currently has, in order to train Artificial Intelligence and guarantee a reliable diagnosis.
Similarly, 90% of Spanish respondents believe that telemedicine services will be the ones that add the most value to the health sector in the next five years. Professionals point out that remote medicine is practical and attractive in many ways, with advantages such as immediate reach, less disease transmission between patients and staff, and the possibility of helping more people in a shorter period of time.
Risks due to lack of updating
With the pandemic, the health sector has been forced to considerably accelerate the application of new technologies. However, this rapid transition to digitalization is not keeping pace with the adoption of cybersecurity measures, as the Kaspersky study shows.
According to the research, the majority (60%) of the Spanish companies that offer telemedicine services use old operating systems, which exposes them to more vulnerabilities and cyber-risks. The reasons given are mainly due to high upgrade costs, compatibility issues, or lack of internal knowledge on how to upgrade.
The use of obsolete equipment can cause cyber incidents. When software developers stop supporting a system, they also stop releasing any updates, which, among other improvements, often contain security patches for discovered vulnerabilities. If left unpatched, they can become an easy and accessible initial attack vector to penetrate enterprise infrastructure, even for unskilled attackers. Healthcare organizations collect a large amount of sensitive and valuable data, making them one of the most lucrative targets, and unpatched devices can be an entry point for attacks.
Low cybersecurity preparation
Data breaches do not always occur as a result of the actions of cybercriminals. Very often, information can be compromised by insiders. According to the Kaspersky survey, 25% of Spanish healthcare providers have experienced cases in which their employees personal information has been compromised of patients during online consultations. The same percentage believe that doctors do not clearly understand how patient data is protected.
In addition, only 13% of health service providers are sure that the majority of medical personnel who consult online are clearly aware of how their patients’ data is protected. This is so despite the fact that 70% of medical organizations offer cybersecurity awareness training. These figures come to show that most of the implemented training offer is not adapted to reality and does not cover the most useful topics for the daily practice of physicians.
Likewise, 25% of those surveyed admit that some of their doctors consult online using applications not specifically designed for telemedicine, such as FaceTime, Facebook Messenger, WhatsApp and Zoom, among others.
