Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:30 PM
Connect Directly

Cyber-Risks Explode With Move to Telehealth Services

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.

The mass adoption of telehealth applications and services in the months since the COVID-19 outbreak began has introduced new cyber-risks within the healthcare industry.

New research by SecurityScorecard and Dark Owl found that the rapid onboarding of technologies for enabling the delivery of health services online has significantly broadened the attack surface at many healthcare organizations, putting both patient and provider data at risk.

Related Content:

The Telehealth Attack Surface

The Threat from the Internet—and What Your Organization Can Do About It

New on The Edge: Think You're Spending Enough on Security?

SecurityScorecard and DarkOwl analyzed data related to the use of telehealth products from 148 vendors by healthcare providers around the country.

Prior to the pandemic, the use of such products hovered at less than 1% of the overall visits to healthcare providers by people seeking access to primary healthcare services. The public health emergency prompted by the pandemic resulted in primary care visits dropping precipitously after mid-March, while the use of telehealth apps soared 350%, SecurityScorecard said, referring to a report from the US Department of Health and Human Services.

The speed at which the transition to online health-services delivery happened left little time for healthcare providers to properly vet telehealth products for security issues or to ensure their safe use, says Alex Heid, chief R&D officer at SecurityScorecard.

"We examined the 148 most popular telehealth apps from a number of angles, and there are concerns across the board, from the development, deployment, and configuration of the applications themselves, as well as the digital supply chain that supports them," Heid says.

To assess the increased risk from telehealth apps, SecurityScorecard and Dark Owl examined the increase in security alerts sent by users of these apps to IT staff at their respective organizations. The two companies compared data from September 2019 to February 2020 and from March 2020 to April 2020.

For the study, they looked at a variety of alerts, including those related to IP reputation, patching cadence, endpoint security, DNS health, application and network security, and leaked credentials. For example, for patching cadence, analysts from SecurityScorecard and Dark Owl looked at the number of alerts that were sent to IT staff involving irregularly installed or missing patches.

The analysis uncovered a 117% increase in IP reputation alerts, a 65% increase in issues involving patches, and a 56% increase in endpoint alerts. The study revealed similar increases across every other single risk vector. Application security alerts, for instance, increased 16%. FTP issues jumped by 42%, and alerts related to the frequently abused Remote Desktop Protocol (RDP) went up by 27%.

Increased Chatter
SecurityScorecard and Dark Owl also observed a sharp increase in chatter pertaining to telehealth apps and credentials on Dark Web markets and hacker forums. For example, mentions of names of telehealth vendors and products such as Teladoc, CareClix, and MeMD jumped noticeably after the pandemic began. They also noticed malicious code being shared in March via criminal forums that would allow attackers to collect patient identity and prescription information for telehealth systems. According to the researchers, the malware is likely being used presently to harvest patient data. In another instance, they discovered a hacker providing specifics on how to compromise a medical imaging system so X-rays and other medical images could be downloaded, altered, or sold.

"Healthcare organizations need to fully and completely vet the telehealth vendors they integrate with their systems," Heid says. "As with any third-party vendor, their security risks become your security risks."

The new cyber-risks within the healthcare sector since the COVID-19 outbreak started is by no means unique. Security vendors have reported similarly heightened risks across almost every other sector. Attackers trying to take advantage of the sudden shift to remote work have been hammering away at weaknesses in home networks and devices, videoconferencing and remote collaboration tools, virtual private networks, and other network equipment. Government organizations, educational institutions, and healthcare organizations have proved to be especially popular targets for ransomware, distributed denial-of-service attacks, and account takeovers.

"We were surprised to find that, prior to the pandemic, the healthcare industry had improved its overall cybersecurity posture since our report last year." Heid says. "However, the mass adoption of telehealth applications has introduced new digital surface areas, which in turn introduce new risks."


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-17
The overlayfs implementation in the linux kernel did not properly validate with respect to user namespaces the setting of file capabilities on files in an underlying file system. Due to the combination of unprivileged user namespaces along with a patch carried in the Ubuntu kernel to allow unprivile...
PUBLISHED: 2021-04-17
Shiftfs, an out-of-tree stacking file system included in Ubuntu Linux kernels, did not properly handle faults occurring during copy_from_user() correctly. These could lead to either a double-free situation or memory not being freed at all. An attacker could use this to cause a denial of service (ker...
PUBLISHED: 2021-04-17
A command injection vulnerability has been reported to affect QTS and QuTS hero. If exploited, this vulnerability allows attackers to execute arbitrary commands in a compromised application. We have already fixed this vulnerability in the following versions: QTS Build 20210202 and later Q...
PUBLISHED: 2021-04-17
An SQL injection vulnerability has been reported to affect QNAP NAS running Multimedia Console or the Media Streaming add-on. If exploited, the vulnerability allows remote attackers to obtain application information. QNAP has already fixed this vulnerability in the following versions of Multimedia C...
PUBLISHED: 2021-04-16
jose-node-esm-runtime is an npm package which provides a number of cryptographic functions. In versions prior to 3.11.4 the AES_CBC_HMAC_SHA2 Algorithm (A128CBC-HS256, A192CBC-HS384, A256CBC-HS512) decryption would always execute both HMAC tag verification and CBC decryption, if either failed `JWEDe...