Covid-19 has undeniably hit the NHS hard in the UK, and in general there has been an acceleration towards making telemedicine an integral part of healthcare. Whether you’re an insurer offering private plans, or an employer offering benefits, the rise of online GPs, clinics and diagnosis has been a massive help during the pandemic.
But what are the data risks surrounding online healthcare? BAE Systems, specialists in cyber security, data protection and insurer protection, offer some insights.
This pandemic has required a radical rethink on healthcare provision, driving an unprecedented expansion of telemedicine and a growing recognition of its life-saving potential. However there are concerns that safety and privacy could be compromised by rapid deregulation.
There is now close regulatory attention being paid to things like telemedicine and that’s understandable, as medical information is something which most people wish to keep private. Regulators have said that doctors must maintain the same standards of care when treating a patient through telemedicine as they would when offering treatments face to face.
Some also offer specific guidance around telemedicine, for example maintaining digital patient records and maintaining confidentiality. This is absolutely essential when storing patient video from a recorded call, or photos emailed to the local clinic, so we can expect further guidance from regulators and new laws.
RANSOMWARE, PHISHING AND MORE RISKS
Earlier this summer Healthcare IT News in the US reported that a hospital in Colorado had suffered a ransomware attack, when patient records were effectively hidden from the hospital by the malicious actor. That meant that some patients digital files from 2012-2017 were inaccessible, which obviously creates a problem for any medical centre, insurance provider or an intermediary involved in that insured treatment chain.
In the UK this year the Blackbaud data breach saw many patient records, plus student information, being held to ransom. Many of the records involved people seeking help for mental health and anxiety, so the data is particularly sensitive. Charities and Universities involved had to issue statements and offer support after the incident and this highlights the multi-agency admin that often occurs in the wake of an attack.
Insurers and brokers need to make everyone aware in all sectors of healthcare and wellness services about the risks they face. This means that public sector bodies, NGOs and charities can tailor the cover they need, based on the risks.
With a younger generation already familiar with Zoom, Teams or other video call tech, there is still a strong set of reasons for informing everyone involved about the cyber risks that surround online consultations.
KEEPING TABS IN REAL TIME
For every insurer, healthcare provider or even freelance consultant, there’s no better way to keep up-to-date on the latest phishing, data breaches or ransomware attacks that gaining insights from a specialist in that very risk.
Brokers and insurers have an opportunity to be on the right side here, as they can use AI to track emerging threats in different parts of the world, or even within particular health sectors, and then send automated alerts to policyholders.
Healthcare professionals also need to remember the basics; make sure your anti-virus software is live, and being updated. Use the latest patient ID verification techniques and be careful with photo or other emailed attachments.
Online healthcare has so much to offer, especially as AI is getting better at offering basic diagnostic advice online, effectively acting as a triage in real-time. But that instant online connection, and ongoing exchange of highly sensitive data, which forms part of every GP or consultant appointment, needs to be 100% secure. With the data stored in a fully compliant system too, with third party access verified and checked at every step of the way.
In markets like the litigious USA, there is a great deal at risk financially, and in terms of reputational damage, if things go wrong. Which is why online patient care is an area where there is no substitute for in-depth expertise.