Article Information:
Post Date: 12/01/2020
Article Categories:
- Physician Office Practice
- Cybersecurity
- Telemedicine & EHR
Telehealth and Cybersecurity: How to Assess Your Risk
As COVID-19 cases begin to escalate once again, cyberattacks on healthcare are also increasing. Cybercriminals target the healthcare industry around the world in a variety of ways – from simple email phishing attempts to complex malware that has, in some cases, completely shut down systems. These disruptions are very costly to healthcare organizations and can jeopardize the safe delivery of patient care.
Experts indicate that telehealth platforms are being targeted more now than ever. Cybercriminals are aware that many telehealth platforms were implemented quickly following COVID-19 stay-at-home orders to ensure patient access to care during the pandemic. When systems are deployed quickly, security may not be as tight, which presents an opportunity to intercept patient care data.
To combat this increased risk, LHA Trust Funds recommends that all Louisiana healthcare organizations evaluate their current electronic patient care delivery systems and telehealth platforms and processes to ensure proper security policies, procedures and safeguards are in place. These evaluations serve a two-fold purpose: to protect the system’s data integrity by proactively identifying potential vulnerabilities, and to ensure compliance with HIPAA requirements.
Here are some steps to get started:
- Conduct a risk assessment utilizing a proactive tool, such as a failure mode and effects analysis (FMEA), to assess current telehealth processes. View and download the LHA Trust Funds FMEA tool.
- Conduct a HIPAA risk assessment to ensure that your systems meet requirements for ensuring the privacy of protected health information (PHI). Involve your organization’s IT Department to help work through risk mitigation strategies and improve PHI security. View and download a sample risk assessment.
- Develop and implement written information security policies. Sample policies are available for viewing and download.
- Conduct training to ensure staff members are aware of proper policies and procedures related to telehealth and electronic data system security. Annual staff training should also be held on cybersecurity topics such as phishing, ransomware, and data breaches. Training courses are available here.
All of the resources in the above list are provided through Tokio Marine, our partner for cyber coverage. Tokio Marine’s CyberNET portal is exclusive to Trust Fund members and can be accessed with exclusive credentials. Please contact Vice President of Patient Safety and Risk Stacie Jenkins at staciejenkins@lhatrustfunds.com.
Learn More
LHA Trust Funds has updated our Cyber Liability & Risks Toolkit to reflect best practices designed to help your organization prepare for and address threats to its cybersecurity. Visit the Cyber Liability & Risks Toolkit for more information regarding cybersecurity in healthcare from our staff consultants and other experts.