The Telehealth Attack Surface

Telehealth and telemedicine face numerous cyber threats. Currently, healthcare providers, medical device makers, and telehealth platform providers rely on a myriad of regulations and sources of guidance, including HIPAA, the Department of Health and Human Services, and Food and Drug Administration regulations and general cybersecurity best practices to manage these services. However, these regulations do not anticipate the full range of threats that can occur inside the insecure network environment of a patient's home. Additionally, many of these platforms have been deployed quickly during the pandemic and allowed to bypass existing regulations, which further exacerbates the risk environment for these services.

A new federal effort is underway to address this deficiency. The National Cybersecurity Center of Excellence (NCCoE) and National Institute of Standards and Technology (NIST) recently began working with leading industry vendors and subject matter experts to undertake a comprehensive analysis of telemedicine services to map out the attack surface, identify the key potential points of failure, and devise new telemedicine cybersecurity standards for the industry to follow. This process is still in the early stages, but once completed it will be an effective road map for healthcare providers and technology developers as telemedicine use expands.

Read more at: Dark Reading