APBN New Site

APBN Developing Site

Securing Telemedicine Platforms in an Evolving Threat Landscape

There are areas of our lives and society that might not go back to exactly the way they were before the pandemic – from reconfiguring workspaces to accommodate a distributed workforce, to contactless delivery and dining experiences, to planning our future travels based on new dynamics of social distancing. Along with these changes is the increasing adoption of telehealth or telemedicine.

by George Lee

While most of us generally prefer going for our medical consultations in person, the ongoing global health crisis has necessitated the use of telemedicine platforms as a safe alternative for getting medical care remotely. This growing demand for telemedicine is evident across Asia Pacific, particularly in markets such as Australia, China, Indonesia, and Singapore according to recent a report from Bain & Company.1 Notably, it revealed that “visits” to Singapore’s MyDoc platform have risen more than 160 percent since the beginning of 2020.

Personal health information and electronic health records are one of the most valuable commodities hackers look for even before the pandemic. Back in 2018, Singapore Health Services (SingHealth)2 was hit by a major data breach, where with 1.5 million patient records were accessed and copied while 160,000 of those had their outpatient dispensed medicines’ records taken.

This push toward the interoperability of healthcare systems, medical devices and data calls for strong management because of the richness and completeness of healthcare data that will be accessible in one place. The question becomes, how can we ensure the security of telemedicine platforms? And who is responsible for that? Here are some best practices for medical providers:

Adopt a zero-trust approach – the right way. Securing telemedicine is no different from any other emerging health technologies. A zero-trust approach means applying security controls where they are needed to compartmentalize and protect critical systems and data. This helps ensure that medical providers have visibility over their systems and data including the platforms used to perform telemedicine appointments with patients as well as the methods third parties are using to access their systems and protected patient data.

Establish robust standards and guidelines. This entails more than just deploying the right technologies to secure telemedicine, and this must be complemented with other measures. Cybersecurity standards and guidelines are necessary for optimal security of telemedicine. On this view, healthcare staff must be trained on data handling procedures and health information security strategies in compliance with the existing regulatory policies when it comes to data privacy and security such as Singapore’s Personal Data Protection Act.

Empower patients to secure their data. It cannot be emphasized enough that security must go beyond from those who are securing the healthcare systems. Healthcare providers play an important role in educating patients on how they can secure their interactions online by exercising good security hygiene in the form of strong passwords, updated device software, being more vigilant on the emails they receive pertaining to their medical data, and holding virtual consultations in secure places like their home.

Today, telemedicine is radically transforming the healthcare industry around the world, helping mitigate the potential bottleneck of intensive care and reducing non-urgent procedures – freeing up healthcare providers to focus more on urgent needs. Telemedicine also helps limit the exposure of at-risk populations such as the elderly and those with pre-existing conditions, as well as enables more diagnosis and self-management at home at a safe distance. However, as the technology of telemedicine advances, it compounds the risks and changes risk profiles for healthcare organizations. Risk and security teams must therefore work together to address this changing dynamic for telemedicine to be a viable long-term option for patient care. [APBN]


References

  1. Vikram Kapur and Alex Boulton. (April 27, 2020) COVID-19 Accelerates the Adoption of Telemedicine in Asia-Pacific Countries. Retrieved from: https://www.bain.com/insights/covid-19-accelerates-the-adoption-of-telemedicine-in-asia-pacific-countries/
  2. Kevin Kwang. (July 20, 2018) Singapore Health System Hit by “Most Serious Breach of Personal Data” in Cyberattack; PM Lee’s Data Targeted. Retrieved from: https://www.channelnewsasia.com/news/singapore/singhealth-health-system-hit-serious-cyberattack-pm-lee-target-10548318

About the Author

George Lee, Vice President, Asia Pacific and Japan, RSA

As vice president of RSA in Asia Pacific and Japan, George Lee leads the overall RSA business ranging from sales, business operations, strategic alliance, to client experience across the region. With over 20 years of regional sales and operations background in the IT and cybersecurity space, his wealth of consulting experience and strong leadership skills have helped him build high-performance teams that have successfully implemented operational changes, process improvement and business growth in the complex business environment across the region.