Written by Ian Sharp PhD on January 7th, 2021
You are listening to The Good Doctor Sharp on DoctorsInTech.com
I can't keep quiet about this any longer. Your telemedicine platforms are not secure.
I've seen a lot of them, and I am shocked.
Even if a platform is "secure", ultimately the biggest weak point in any security system is "YOU",
the human end-user of the software.
When I see the designs of these systems I just think
"It's like they want this information to be stolen." Reckless.
Showing PII patient names AND health conditions in their EMR side-by-side? Wow. Just wow.
To bring this home, I'm going to lay out two specific use cases that you, as a telemedicine end-user,
need to be concerned about, and why: even if your telemedicine platform were secure,
you're not safe, and neither is your data.
#1. Key loggers
Key loggers are programs that run silently in the background on your computer and log every
keystroke you make on your keyboard. Where does that giant log of keystrokes go once they're stored?
No way to know. Depends on who got their keystroke logger on your computer and where they want to
store that information.
Imagine for a moment that every time you type in your email and password on a website, that text
is stored in a big text file on someone else's computer. Then imagine that text file also includes
the time you went to search for one of your patients BY NAME, and then proceeded to edit their EMR with
specifics on a follow-up for their condition. With all those keystrokes swimming in one big
text file, it's not that hard to piece together the PII and PHI of that patient if someone were so
inclined.
Resolutions
What would be really sad is if something like this were happening at hospitals and not just in private practice virtual clinics. Since employers often install key loggers to spy on their own employees as a matter of standard practice, it looks like keylogger leaks at hospitals like this one are no exception. Maybe if we just read and do nothing... something will change.