Healthcare facilities can mitigate the cyberthreat risk in telemedicine by:
Creating a Cybersecurity Policy – A cybersecurity policy lays down roles and responsibilities for an organisation’s stakeholders and stipulates the technical standards to be enforced, such as credential strength; encryption of data at rest and in transit, and the types of encryption used; frequency of backups; the applications and services that staff are permitted to use; communication standards, such as protecting files sent to patients; and appropriate use of official social media channels. The policy should also specify penalties for non-compliance so that it is actually enforced.
Listing Authorised Solutions – Telemedicine often relies on third-party solutions, such as videoconferencing and chat tools. These solutions should be evaluated for privacy by checking the provider’s privacy policy, for security by verifying that communication is encrypted, and for data sovereignty by confirming where (in which country) the solution stores data. All stakeholders should be informed that only authorised solutions may be used.
Ensuring Security of Stored Data – Personally Identifiable Information (PII) of patients and their medical records (scans, test results) should be protected from theft and destruction by using encryption and backups. Backups should follow the 3-2-1 rule (3 copies, 2 media, 1 offsite) and be tested periodically by restoring a backup to see how quickly and easily normal operations could be resumed after a wiper or ransomware attack.
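A restore drill of the kind described above, as an added example that is not part of the original post or of any K7 product: it archives a constructed sample records tree, records a SHA-256 manifest at backup time, replicates the archive to a second medium and an offsite location (the 3-2-1 layout), then restores each copy into scratch space, checks every file against the manifest and times the restore. It also damages one replica to show that the drill reports an unusable copy rather than silently trusting it. Directory names and sample files are assumptions made for the example; encryption of the archive at rest is left to the storage layer and is not shown.

```python
import hashlib
import shutil
import tarfile
import tempfile
import time
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large scans need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict:
    """Relative path -> SHA-256 for every file under root (the expected state)."""
    return {str(p.relative_to(root)).replace("\\", "/"): sha256_of(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def create_backup(source: Path, archive: Path) -> dict:
    """Archive the source tree and return the manifest recorded at backup time."""
    manifest = build_manifest(source)
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(source, arcname=".")
    return manifest


def replicate_321(archive: Path, second_medium: Path, offsite: Path) -> list:
    """3 copies on 2 media, 1 offsite: the primary archive plus two replicas."""
    copies = [archive]
    for dest_dir in (second_medium, offsite):
        dest_dir.mkdir(parents=True, exist_ok=True)
        copies.append(Path(shutil.copy2(archive, dest_dir / archive.name)))
    return copies


def restore_drill(archive: Path, expected: dict) -> dict:
    """Restore into scratch space and verify every file against the manifest.

    Returns {'ok': bool, 'seconds': float, 'problems': [...]}. A copy that
    cannot even be opened is reported as a failed drill, not an exception.
    """
    start = time.monotonic()
    problems = []
    try:
        with tempfile.TemporaryDirectory() as scratch:
            target = Path(scratch)
            with tarfile.open(archive, "r:gz") as tar:
                # Refuse members that would escape the scratch directory.
                for member in tar.getmembers():
                    if member.name.startswith("/") or ".." in Path(member.name).parts:
                        raise ValueError(f"unsafe member path: {member.name}")
                tar.extractall(target)
            restored = build_manifest(target)
            for rel, digest in expected.items():
                if rel not in restored:
                    problems.append(f"missing: {rel}")
                elif restored[rel] != digest:
                    problems.append(f"corrupt: {rel}")
            for rel in restored:
                if rel not in expected:
                    problems.append(f"unexpected: {rel}")
    except (OSError, tarfile.TarError, ValueError) as exc:
        problems.append(f"restore failed: {exc}")
    return {"ok": not problems, "seconds": time.monotonic() - start, "problems": problems}


def run_drill_demo() -> dict:
    """Constructed sample data: two patient files backed up, replicated, drilled."""
    with tempfile.TemporaryDirectory() as work:
        base = Path(work)
        records = base / "records"
        (records / "scans").mkdir(parents=True)
        (records / "scans" / "ct_0001.bin").write_bytes(bytes(range(256)) * 64)  # constructed
        (records / "labs_0001.txt").write_text("HbA1c 6.1%\n")                  # constructed
        primary = base / "media1" / "records.tar.gz"
        primary.parent.mkdir()
        manifest = create_backup(records, primary)
        copies = replicate_321(primary, base / "media2", base / "offsite")
        healthy = [restore_drill(c, manifest)["ok"] for c in copies]
        # Simulate damage to the second medium: overwrite the gzip header.
        with copies[1].open("r+b") as fh:
            fh.write(b"\x00" * 64)
        damaged = restore_drill(copies[1], manifest)
        offsite_after = restore_drill(copies[2], manifest)
    return {"copies": len(copies), "files": len(manifest), "healthy": healthy,
            "damaged_ok": damaged["ok"], "damaged_problems": damaged["problems"],
            "offsite_ok": offsite_after["ok"], "offsite_seconds": offsite_after["seconds"]}


if __name__ == "__main__":
    for key, value in run_drill_demo().items():
        print(f"{key}: {value}")
```

The manifest is the point: a backup job that only reports "completed" tells you nothing about whether the data can be restored, whereas a drill that restores and re-hashes every file, and records how long that took, gives the recovery-time figure the policy needs and exposes a corrupt or tampered copy before an incident does.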
Limiting Access – All access to data, networks, and devices should be granted on the principle of least privilege, i.e. users should have only the access rights they need to fulfil their responsibilities. User identity, including patient identity, should be verified through strong credentials and (where practical) Multi-factor Authentication (MFA) before access is granted.
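The access rules above expressed as a small policy check, as an added example that is not part of the original post or of any K7 product. It is deny-by-default: a role gets only the actions explicitly listed for a resource kind, resources holding medical data require an MFA-verified session, and a patient session is scoped to that patient's own data. The roles, resource kinds, user identifiers and the audit line format are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Hypothetical role/resource model for a telemedicine service (constructed for
# this example). Only the actions listed here are granted; everything else is denied.
PERMISSIONS: Dict[str, Dict[str, Set[str]]] = {
    "clinician":    {"record": {"read", "write"}, "appointment": {"read"}, "video_session": {"join"}},
    "receptionist": {"appointment": {"read", "write"}, "video_session": {"schedule"}},
    "patient":      {"record": {"read"}, "appointment": {"read"}, "video_session": {"join"}},
}

# Resource kinds holding PII or medical data: require step-up to an MFA-verified session.
MFA_REQUIRED: Set[str] = {"record"}


@dataclass(frozen=True)
class Session:
    user_id: str
    role: str
    mfa_verified: bool = False


@dataclass(frozen=True)
class Resource:
    kind: str
    patient_id: Optional[str] = None   # the patient this item belongs to, if any


def authorise(session: Session, action: str, resource: Resource) -> Tuple[bool, str]:
    """Deny by default, then check role permission, MFA step-up and ownership scope."""
    granted = PERMISSIONS.get(session.role, {}).get(resource.kind, set())
    if action not in granted:
        return False, f"role '{session.role}' has no '{action}' right on '{resource.kind}'"
    if resource.kind in MFA_REQUIRED and not session.mfa_verified:
        return False, f"'{resource.kind}' requires an MFA-verified session"
    if session.role == "patient" and resource.patient_id != session.user_id:
        return False, "patients may only access their own data"
    return True, "permitted"


def audit_trail(requests: List[Tuple[Session, str, Resource]]) -> List[str]:
    """One line per decision, including denials, for review or forwarding to a SIEM."""
    lines = []
    for session, action, resource in requests:
        ok, reason = authorise(session, action, resource)
        verdict = "ALLOW" if ok else "DENY"
        lines.append(f"{verdict} user={session.user_id} role={session.role} "
                     f"mfa={session.mfa_verified} action={action} "
                     f"resource={resource.kind}:{resource.patient_id} reason={reason}")
    return lines


def rights_for(role: str) -> Dict[str, Set[str]]:
    """Everything a role can do, for periodic least-privilege reviews."""
    return {kind: set(actions) for kind, actions in PERMISSIONS.get(role, {}).items()}


if __name__ == "__main__":
    # Constructed sample requests: identifiers are placeholders, not real users.
    sample = [
        (Session("clin-01", "clinician", mfa_verified=True), "read", Resource("record", "pat-42")),
        (Session("clin-01", "clinician", mfa_verified=False), "read", Resource("record", "pat-42")),
        (Session("pat-42", "patient", mfa_verified=True), "read", Resource("record", "pat-43")),
        (Session("rec-07", "receptionist", mfa_verified=True), "read", Resource("record", "pat-42")),
    ]
    for line in audit_trail(sample):
        print(line)
```

Two design choices matter here: the ownership check is applied after the role check, so a patient with a valid, MFA-verified session still cannot enumerate other patients' records, and denials are logged with their reason, since repeated denials for one account are the kind of signal a detection team wants to see.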
Deploying Endpoint Security – Endpoint protection solutions, like K7 Endpoint Security, protect computing devices (including email, file, and application servers) from malware such as keyloggers, Trojans, and ransomware. They can also prevent the use of unauthorised applications and restrict access to unauthorised cloud/web services.
Deploying Network Security – Network security devices, like K7 Unified Threat Management, provide gateway security for enterprise networks and include an AAA (Authentication, Authorisation, and Accounting) framework to control access to computing resources. Communication between facilities can be secured by installing the K7 Connect 500 device in satellite facilities.
Training End Users – Training on cybersecurity ensures that end users maintain cyber hygiene and can spot and stop social engineering attacks like phishing, which target the user rather than the device or network. Training on safe use of social media makes end users aware of the risks in their personal social media use, which can spill over into their professional lives.
Healthcare cybersecurity teams may also wish to read our blogs on conducting Safe Zoom Calls & Meetings, Ransomware in Healthcare, and Protecting Legacy Healthcare Devices against Ransomware for more information on protecting healthcare IT infrastructure from cyberattacks that may enter the organisation through telemedicine facilities.
K7 Security provides world-class enterprise cybersecurity solutions that are renowned for their protection, efficiency, and manageability. Please read our healthcare cybersecurity case studies (Multi-speciality Hospital Chain, Teaching Hospital & Research Institute, Multi-speciality Hospital and Research Centre) for more information on how our solutions protect healthcare facilities, or Contact Us to learn more about our international award winning cybersecurity solutions.