Federal agency and private-sector healthcare officials agreed this week that the sharp increase in delivery of telehealth services during the coronavirus pandemic has advanced state of the art in service delivery, along with the need to ramp up cybersecurity protections.
Paul Cunningham, Chief Information Security Officer at the Department of Veterans Affairs (VA), said Sept. 8 at the Billington CyberSecurity Summit that the agency had been working on telehealth and associated cybersecurity for years before the pandemic, when “it was always important, but it was not always a priority.”
The onset of the COVID-19 pandemic earlier this year changed all that, as demand for telehealth services spiked and the VA went from providing capacity for 500 simultaneous telehealth sessions to 7,500.
“We took what was going to be an eight-year journey and compressed it into four months,” Cunningham said, adding it “was a good thing we had the partnerships in play” to respond to the demand surge.
Telehealth, Cunningham explained, represents a high bar for tech-enabled services. “It’s about advancing five-star medical services to our veterans, no matter where they are in the world, or in the U.S.,” he said. Functionally, telehealth encompasses a range of services including remote sessions between physicians and patients in different locations, and interactions between physicians. “The real challenge is looking at telehealth holistically – from a hand-held phone, to a system to get vital signs, to telemetry between physicians and patients,” Cunningham said.
Jessica Wilkerson, Cyber Policy Advisor in the U.S. Food and Drug Administration’s Office of Strategic Partnerships and Technology Innovation, Center for Devices and Radiological Health, said delivery of telehealth services has been “accelerated significantly” by the COVID-19 pandemic.
Even before the pandemic began earlier this year, telehealth “was already evolving the way that health care is being delivered” because the internet has no boundaries, she said.
Darren Lacey, CISO and Director of IT Compliance at Johns Hopkins University and Johns Hopkins Medicine, said the pandemic has driven a “dramatic” increase in the number of electronic interactions between patients and doctors at his institution. That increased demand has changed telehealth services a lot in the past six months, and he said the service “will continue to evolve.”
He said an early challenge in the telehealth services demand spike was getting people connected as quickly as possible, and then sorting out a wide range of teleconferencing options to manage service delivery. “We had several teleconferencing technologies that we were conversant with, but we became expert in them pretty quickly,” he said.
On the security front, he said that “idiosyncrasies of the technologies had to be worked out … it was exciting.” He added, “I’m not sure I knew what Zoom bombing was six months ago.”
Looking forward, Lacey warned that the “data artifacts” created by video conferencing represents an attractive target to cyber adversaries. “I expect adversaries to attack the “collaborative spaces themselves … realizing that we are doing a lot of our most sensitive business there.”
He added, “the threat vector is up significantly from where it was before,” and said Johns Hopkins has been working “with our cloud providers and our security operations center to counter this. We had been doing that, but now we have to ramp it up a bit.”