By Nnaemeka Obiagwu, 2021 J.D. Candidate
With the advent of the coronavirus pandemic in the United States, telemedicine has been brought to the limelight because it provides an opportunity for patients to have access to quality care remotely, particularly patients that need to be quarantined as a result of the outbreak. Given that data breaches are a critical issue for the health care industry and with telemedicine being offered online, it is understandable why patients are uncomfortable with sharing personal information with their providers. Last year, the healthcare sector saw a whopping 41.4 million patient records breached fueled by a 49 percent increase in hacking, and in the first half of 2020, 41 healthcare providers reported falling victim to ransomware.
As a result of the increase in the number of COVID-19 cases, health care providers are struggling to serve the high volume of affected patients. To meet the demand, some health care organizations are utilizing free, web-based communication platforms that employ end-to-end encryption, such as Apple FaceTime, Facebook Messenger video chat, Google Hangouts video, Whatsapp video chat, Zoom, or Skype but public-facing platforms like Facebook Live, Twitch and TikTok are not permitted because they are designed to be open to the public or allow wide or indiscriminate access to the communication. The Health and Human Services (HHS) is relaxing HIPAA enforcement of non-compliance with telehealth to allow providers to use certain video technologies to deliver quality health care. Despite the reassurances of hackers promising not to attack health care organizations during the COVID-19 pandemic, it will be hard to take them at their word largely because in 2019, healthcare was the most targeted industry by hackers and cyber-attacks, resulting to 382 data breaches and costing the industry more than $17.76B billion. Just recently, a ransomware attack caused network outages that forced a clinic to redirect patients in need of emergency care elsewhere, which resulted in the death of a 78-year-old woman who required immediate attention for an aneurysm.
The value of Personal Health Information is equivalent to that of gold on the black market. The FBI reported that electronic health records could “be used to file fraudulent insurance claims, obtain prescription medications, and advance identity theft.” Such information getting into the wrong hands would prove to be more attractive for ransom and detrimental to the patients. For instance, if details about an embarrassing medical history such as treated sexually transmitted disease or terminal illness leak, hackers can use that information to get such people to dance to their tune, even if it means clearing their account balances. Hackers are exploiting the anxiety and confusion surrounding the coronavirus pandemic by sending phishing emails in which they impersonate health agencies and bodies such as the World Health Organization (WHO).
To ensure privacy security, health care providers must be extremely cautious before opening emails or alerts that appear to come from health experts, government agencies, or businesses. Employees should undergo strong security training programs frequently so they can gain a better handle on how to manage, for example, a malware infiltration incident and safeguard real data from being exposed or stolen. Patients should be equally cautious when responding to videoconference meeting invitations, particularly when they aren’t expecting the email. When in doubt, check the email address against the sender’s website before clicking or reach out to the sender directly. The education of patients on the importance of not sharing logins, passwords, or other access information with anyone and also how to authenticate communication from the telemedicine provider should be adopted and implemented by healthcare organizations.