The future of medical appointments will be remote. Here's how hospitals are making the transition and dodging new cyber threats, according to one network's security chief.
- The COVID-19 pandemic forced hospitals and doctors' offices across the globe to transition to remote appointments. Now, some are planning to keep much of their medicine remote for the foreseeable future.
- One of those is Sentara Healthcare, an integrated health network that runs 12 hospitals in the eastern US. Many if not most of Sentara's appointments will be remote going forward, according to CISO Dan Bowden.
- The shift to telemedicine poses new challenges that stack with unprecedented cybersecurity threats facing hospitals right now.
- Bowden gave Business Insider a breakdown of how Sentara is navigating shifts in the market and planning for the future of remote healthcare.
The doctor will see you now — but it likely won't be in person.
The COVID-19 pandemic has forced hospitals, clinics, and other healthcare organizations to move much of their medicine online in recent months in an attempt to reduce the density of patients at hospitals and slow the spread of the coronavirus. Doctors have turned en masse to messaging services and videoconferencing apps to treat their patients.
Now, the shift to telemedicine could prove permanent. But cybersecurity experts warn that remote healthcare could pose unprecedented threats if not implemented carefully, and hospitals whose budgets have been stretched thin by COVID-19 and shutdowns are uniquely vulnerable to ransomware attacks.
Sentara Healthcare is one organization embracing the shift to telemedicine. In the past three months, the not-for-profit network — which runs 12 hospitals in North Carolina and Virginia and brings in roughly $7 billion annually — has undertaken the herculean task of transitioning much of its 30,000-person workforce to remote work.
Now, the majority of Sentara's appointments could remain remote for the foreseeable future, according to Sentara Chief Information Security Officer Dan Bowden.
"We're looking harder at the tools we provide," Bowden told Business Insider. "And there's a new conversation for security professionals in healthcare, which is, how do we respond to this?"
Sentara conducts telemedicine using its own in-house video call application, and Bowden said the company has implemented multi-factor authentication to verify the identities of patients new to the service. Meanwhile, it relies on a combination third-party security software from Tenable, Microsoft, and Amazon Web Services to protect patients' data.
Bowden says another part of the response has involved educating Sentara's workforce — especially other executives — about the tactics hackers use to target healthcare providers. Cyberattacks against hospitals have been on the rise for years, typically involving ransomware: Hackers take down healthcare computer systems and threaten to destroy them unless hospitals pay a price.
But remote work also provides new inroads for hackers, who could target the home devices of employees or patients with phishing scams. Cybersecurity firm CynergisTek told Business Insider in April that it had already seen a spike in threat actors targeting medical institutions since the onset of COVID-19 shutdowns.
Bowden said it's crucial for hospitals and security providers to share best practices and insights regarding the threats they face in order to plan for potential attacks and build resilience.
"Yes, there are more threats now, but we also have better threat intel," Bowden said. "It's something going forward in healthcare that we're all going to need to learn to manage."