“Telehealth has revolutionized how health care is administered,” writes Dr. Seria Lakes in her new book, Telehealth Security: An Examiination of Variance in Telehealth Security Breaches. While the potential to improve accessibility and efficiency is enormous, so too are the potential risks of exploitation by cybercriminals. These risks – and the steps organizations can take to mitigate them – are the central concern of her book.
Ninety percent of organizations surveyed by the Ponemon Institute in 2014 reported at least one telehealth breach over a two-year period and 38% reported more than five breaches. In several recent cases, cybercriminals have pilfered data and then tried to extort ransoms; one facility, Virginia’s Prescription Monitoring Program, was presented with a demand for $10 million. In addition to demanding money and exposing organizations to legal liability, criminals could potentially endanger patients’ lives by interfering with telesurgery procedures or manipulating medical systems.
“Once an adversary gains control of a surgical robot and is erroneously cutting a patient, they can rupture arteries, stab the patient and ultimately kill the patient,” she writes, describing a scenario that is no longer confined to the realm of horror fantasy.
Relatively little research has been done on the vulnerability of telehealth systems, despite their rapid burgeoning in recent years, says Lakes, a 2014 graduate of Capitol’s doctoral program in cybersecurity, She is hoping her work will help to fill the gap. She also sees her book as providing a resource that can help organizations take effective action to protect their systems – and their customers.
“It’s aimed at people who are in charge of making sure telehealth infrastructures are secure,” she says. “Often, people are just thrown into certain positions without the necessary background in terms of policies and exactly what needs to be done in order to be compliant. The book could also benefit people who are enrolled in courses on health informatics or similar subjects – anything related to IT and health.”
‘There are discussion questions at the end of each chapter on what improvements can be made and what type of security is necessary.”
Incentives for Change
Among other recommendations, the book outlines a breach mitigation process. Incidents would result in review by a Change Control Board (CCB) and a plan of action; if the security problems continue, the system would be decommissioned until the issues can be resolved.
Having such a process in place will increase the incentive for organizations to tackle security threats, Lakes says, because they won’t want to lose business as a result of systems being decommissioned.
Telehealth Security is based on the doctoral dissertation Lakes completed while at Capitol; the material has been streamlined and revised for a general audience. The daughter of parents who also attended Capitol (her mother, Dr. Sherry Lakes, graduated from the doctoral program last year), she speaks highly of her experience with the university.
“I liked the fact that there was a lot of writing in the courses,” she says, noting that she was able to tailor her papers to her developing research project. “That made it a lot easier when I started work on my dissertation, because I already had a lot of information and research that I could use. The program was very thorough, the staff was helpful, and my chairperson – Dr. Audrey Andrews – was highly dedicated.”
The program at Capitol was “hands down, better,” compared to another area school where she began a doctorate before deciding to transfer, she said.
She has words of advice for those currently on the doctoral path: stick with it.
“Keep pushing,” she says. “It can be frustrating when people critique your work, to the point that students often feel discouraged and want to give up. But if it’s something that you really want, that you feel passionate about, then you have to work with it. Sometimes it doesn’t mean that what you have written is wrong; it may be a matter of clarifying your ideas.”
“No matter what anybody says, just keep doing what you need to do. Don’t take criticism personally; just pick yourself back up and keep going.” Lakes says.