Your telemedicine platform

it's not secure

Written by Ian Sharp PhD on January 7th, 2021

You are listening to The Good Doctor Sharp on

I can't keep quiet about this any longer. Your telemedicine platforms are not secure. I've seen a lot of them, and I am shocked.

Even if a platform is "secure" ultimately the biggest weakpoint in any security system is "YOU", the human end-user of the software. When I see the designs of these systems I just think "It's like they want this information to be stolen." Reckless. Showing PII patient names AND health conditions in their EMR side-by-side? Wow. Just wow.

To bring this home I'm going to make two specific use-cases you as a telemedicine end-user need to be concerned about and why - even if your telemedicne platform were secure, you're not safe, and neither is your data.

#1. Key loggers

Key loggers are programs that run silently in the background on your computer and they log every key stroke you make on your keyboard. Where does that giant log of key strokes go once they're stored? No way to know. Depends on who got their keystroke logger on your computer and where they want to store that information.

Imagine for a moment, that every time you type in your email and password on a website that text is stored in a big text file on someone else's computer. Then imagine that text file also includes the time you went to search for one of your patients BY NAME, and then proceeded to edit their EMR with specifics on a follow up for their condition. With all those key strokes swimming in one big text file, it's not that hard to piece together the PII and PHI of that patient if someone were so inclined.


#2. Screenshot malware like SquirtDanger and others

This kind of software takes screenshots of your desktop every x seconds and send those screenshots images to someone else's computer. With readily available "AI" like tesseract and countless other OCR solutions, this sequence of images can easily be mined, automatically extracting text from those screenshots. Were you looking through an EMR that exposed a patient's name (PII) with their private health information PHI? Guess what, you've just violated your oath to keep patient-doctor confidentiality. The screenshot contained both PII and PHI, which had the text extracted and then... You've potentially exposed your patient to identity theft or to be a victim to a phishing scam. Not good.

  • 0 ***Anti-virus in this case would likely not even work since this kind of program keeps re-installing itself

    But how? Schedule with me below, I have your solution. I hope your computer is clean, but even your computer was infested with a keylogger or screenshot capturing malware... as long as you follow my advice exactly, I guarantee you will succeed in upholding your sacred vow of patient-doctor confidentiality.

    Don't take chances. Take DOCTORS IN TECH ®.


    What would be really sad is if something like this were happening at hospitals and not just in private practice virtual clinics. Since standard practice is for employers to often install key loggers to spy on their own employees, it looks like keylogger leaks at hospitals like this one are no exception. Maybe if we just read and do nothing... something will change.

    researchers, entrepreneurs, companies