The Risks of Telehealth App Tracking

Protecting Your Customers in the New World of Virtual Health

As custodians of an abundance of private, sensitive data, healthcare companies are prime targets for ransomware attacks and data breaches. And the 2020 pandemic shined a bright spotlight on data privacy and security concerns for consumers as they participated more actively in virtual healthcare and digital health tracking apps. Unfortunately, the rise of these third-party platforms has corresponded to an increase in cybercrime, and consumers need guidance on what tracking apps they can trust and which they should avoid. Healthcare provider organizations can do their part by educating their customers about taking a proactive approach to safeguarding their digital privacy while performing in-depth due diligence on any third-party tools they deploy in the ramp-up of their telemedicine services.

The rise of mobile health applications and contact tracing

Even before the pandemic, consumer usage of mobile telehealth applications was on the rise. According to a Gallup poll taken in November of 2019, one in three Americans had tried digital health products, and more than one in four used either a wearable fitness tracker or tracked their health via a phone or tablet app. By March of 2020, Gallup’s research showed that the number of Americans who said they are likely to use telemedicine in the future was almost three times greater than in their previous survey. As with many other ways in which society shifted to help reduce the spread of COVID-19, the pandemic accelerated the adoption of virtual healthcare even further.

As health agencies raced to collect vital transmission data on COVID-19, several states developed contact tracing apps to assist with symptom tracking and exposure notification. Unfortunately, due to a patchwork of differing state privacy policies and a less than stellar record of safeguarding user data, consumers have been hesitant to trust and embrace them. In order to reap the benefits of this critical data, users need a clear understanding of what privacy protections are in place and what will happen to the data they provide via these health tracking apps. Health organizations should review their privacy policies to ensure they demonstrate their commitment to keeping patient data secure, both from threat actors and third-party buyers. This commitment should extend to all telehealth applications the organizations themselves decide to employ.

The dangers of telehealth applications – who has your (highly) personal health data?

While doctors and care workers are rushing to embrace and expand virtual healthcare services, the threat landscape is getting more sophisticated. Hackers are exploiting the spike in virtual healthcare applications to their benefit. Ransomware attacks and data breaches are expected to escalate in 2021, with cloud applications and infrastructure being a prime focus. A recent security report conducted by Intertrust found that 85 percent of COVID tracking apps leak data. Out of all the mobile health apps tested, 91 percent have weak encryption and 71 percent contain at least one security vulnerability.

Cybercrime is only part of a larger problem with health tracking applications. Anyone utilizing a consumer health app may be surprised by how often their data is passed to third parties like Facebook and Google. Third-party medical apps aren’t federally regulated as long as they stick to claims of general wellness. They also do not fall under the Health Insurance Portability and Accountability Act (HIPAA). If consumers enter their personal health information into one of these applications, the same laws governing patient privacy for healthcare workers, hospitals, and health insurers do not protect that data.

Despite user skepticism, 40 percent of U.S. states adopted Apple’s Exposure Notification API for COVID-19 contact tracing, but mounting privacy concerns regarding the nearly 500 COVID mobile apps have troubled security experts. An in-depth study of these applications revealed that an alarmingly high number of them are accessing and collecting personal data unrelated to the transmission of the virus and, very likely, seeking to profit from it.

Demand for mobile healthcare tracking and telemedicine will continue to rise

Despite the risks of data tracking applications, consumers continue to download and use apps. The convenience and increased support for health-related issues and goals make mobile health apps very appealing to users. Medical professionals also benefit from the enhanced patient-to-provider communications that these applications can enable. For example, one recent study sought to evaluate the use of mobile health apps for tracking patient-reported outcomes for oncology patients. They concluded that symptom tracking apps enhanced the ease of communication between cancer patients and their doctors and that more cancer-specific tracking apps are “urgently needed.”

How to set up your telehealth customers for success

There are two sides to the telehealth coin – risk and opportunity. Healthcare organizations need to work to maintain a deeper level of understanding of both in order to guide their members in the new world of virtual health. An essential element of this work will be empowering your members with education and tools to assist in the fight against healthcare cybercrime. Enable your users to leverage patient safety tools like IDX’s SafeWiFi VPN and MIDAS to secure and monitor their healthcare transactions, guarding against medical identity theft.

As healthcare organizations establish best practices for telehealth security going forward, they should mitigate the risks of telehealth app tracking by performing due diligence against cyber threats to your users’ privacy.