Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


06:30 PM
Connect Directly

Cyber-Risks Explode With Move to Telehealth Services

The hasty shift to online delivery of primary care services since the COVID-19 outbreak has attracted significant attacker interest.

The mass adoption of telehealth applications and services in the months since the COVID-19 outbreak began has introduced new cyber-risks within the healthcare industry.

New research by SecurityScorecard and Dark Owl found that the rapid onboarding of technologies for enabling the delivery of health services online has significantly broadened the attack surface at many healthcare organizations, putting both patient and provider data at risk.

Related Content:

The Telehealth Attack Surface

The Threat from the Internet—and What Your Organization Can Do About It

New on The Edge: Think You're Spending Enough on Security?

SecurityScorecard and DarkOwl analyzed data related to the use of telehealth products from 148 vendors by healthcare providers around the country.

Prior to the pandemic, the use of such products hovered at less than 1% of the overall visits to healthcare providers by people seeking access to primary healthcare services. The public health emergency prompted by the pandemic resulted in primary care visits dropping precipitously after mid-March, while the use of telehealth apps soared 350%, SecurityScorecard said, referring to a report from the US Department of Health and Human Services.

The speed at which the transition to online health-services delivery happened left little time for healthcare providers to properly vet telehealth products for security issues or to ensure their safe use, says Alex Heid, chief R&D officer at SecurityScorecard.

"We examined the 148 most popular telehealth apps from a number of angles, and there are concerns across the board, from the development, deployment, and configuration of the applications themselves, as well as the digital supply chain that supports them," Heid says.

To assess the increased risk from telehealth apps, SecurityScorecard and Dark Owl examined the increase in security alerts sent by users of these apps to IT staff at their respective organizations. The two companies compared data from September 2019 to February 2020 and from March 2020 to April 2020.

For the study, they looked at a variety of alerts, including those related to IP reputation, patching cadence, endpoint security, DNS health, application and network security, and leaked credentials. For example, for patching cadence, analysts from SecurityScorecard and Dark Owl looked at the number of alerts that were sent to IT staff involving irregularly installed or missing patches.

The analysis uncovered a 117% increase in IP reputation alerts, a 65% increase in issues involving patches, and a 56% increase in endpoint alerts. The study revealed similar increases across every other single risk vector. Application security alerts, for instance, increased 16%. FTP issues jumped by 42%, and alerts related to the frequently abused Remote Desktop Protocol (RDP) went up by 27%.

Increased Chatter
SecurityScorecard and Dark Owl also observed a sharp increase in chatter pertaining to telehealth apps and credentials on Dark Web markets and hacker forums. For example, mentions of names of telehealth vendors and products such as Teladoc, CareClix, and MeMD jumped noticeably after the pandemic began. They also noticed malicious code being shared in March via criminal forums that would allow attackers to collect patient identity and prescription information for telehealth systems. According to the researchers, the malware is likely being used presently to harvest patient data. In another instance, they discovered a hacker providing specifics on how to compromise a medical imaging system so X-rays and other medical images could be downloaded, altered, or sold.

"Healthcare organizations need to fully and completely vet the telehealth vendors they integrate with their systems," Heid says. "As with any third-party vendor, their security risks become your security risks."

The new cyber-risks within the healthcare sector since the COVID-19 outbreak started is by no means unique. Security vendors have reported similarly heightened risks across almost every other sector. Attackers trying to take advantage of the sudden shift to remote work have been hammering away at weaknesses in home networks and devices, videoconferencing and remote collaboration tools, virtual private networks, and other network equipment. Government organizations, educational institutions, and healthcare organizations have proved to be especially popular targets for ransomware, distributed denial-of-service attacks, and account takeovers.

"We were surprised to find that, prior to the pandemic, the healthcare industry had improved its overall cybersecurity posture since our report last year." Heid says. "However, the mass adoption of telehealth applications has introduced new digital surface areas, which in turn introduce new risks."


Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ... View Full Bio

Recommended Reading:

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 10/23/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Modern Day Insider Threat: Network Bugs That Are Stealing Your Data
David Pearson, Principal Threat Researcher,  10/21/2020
Register for Dark Reading Newsletters
White Papers
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2020-10-23
A Cross-Site Request Forgery (CSRF) vulnerability is identified in FruityWifi through 2.4. Due to a lack of CSRF protection in page_config_adv.php, an unauthenticated attacker can lure the victim to visit his website by social engineering or another attack vector. Due to this issue, an unauthenticat...
PUBLISHED: 2020-10-23
FruityWifi through 2.4 has an unsafe Sudo configuration [(ALL : ALL) NOPASSWD: ALL]. This allows an attacker to perform a system-level (root) local privilege escalation, allowing an attacker to gain complete persistent access to the local system.
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to, contains a vulnerability in the ShadowPlay component which may lead to local privilege escalation, code execution, denial of service or information disclosure.
PUBLISHED: 2020-10-23
An arbitrary command execution vulnerability exists in the fopen() function of file writes of UCMS v1.4.8, where an attacker can gain access to the server.
PUBLISHED: 2020-10-23
NVIDIA GeForce Experience, all versions prior to, contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.