Is Remote Patient Monitoring The New Cybercrime Target?

While hospitals and health systems may have well-honed cybersecurity protocols to prevent or mitigate such attacks, the growth of care-at-home technologies – including remote patient monitoring and hospital at home – has created another layer of concern. Patients who are monitored or managed at home using a health system's technology likely do not have such strict safeguards in place. Healthcare IT News interviewed him to discuss why criminals are targeting patients at home, how criminals are trying to access hospital and health system servers through patients' homes, and what healthcare CISOs, CIOs, and other security and IT leaders should be doing to protect their patients and organizations from these kinds of breaches. Q. How are they trying to access hospital and health system servers through patients' homes? For example, just like with clinicians in the hospital, an attacker may attempt to spread malware through a fraudulent email sent to the patient, hoping they will click on an attachment or link that will enable the attacker to gain control of the patient's device and then spread the software to the provider's systems. This cybersecurity risk grows exponentially if the patient uses their home computer or personal mobile device for RPM. Personal devices, however, do not offer patients or providers adequate protection from a data breach for RPM where active and passive data-collection is more frequent, if not continuous. Providers cannot secure, control and monitor a patient's personal device as they could with their own equipment. A. Simply put, C-level health system leaders need to give remotely managed patients a health system-owned and secured "locked-down" mobile device to communicate and share data with providers. The patient would use the digital tablet to input data from their monitoring devices, such as wearables that track various vital signs and to conduct telehealth visits with providers in a hospital or clinic. An app is acceptable for short telehealth visits, but health systems are unnecessarily exposing their data and systems to vulnerabilities if they are connected to a patient's largely unsecured personal device for an extended period of time.