Your telemedicine platform

it's not secure

Written by Ian Sharp PhD on January 7th, 2021

---

You are listening to The Good Doctor Sharp on DoctorsInTech.com

I can't keep quiet about this any longer. Your telemedicine platforms are not secure. I've seen a lot of them, and I am shocked.

Even if a platform is "secure" ultimately the biggest weakpoint in any security system is "YOU", the human end-user of the software. When I see the designs of these systems I just think "It's like they want this information to be stolen." Reckless. Showing PII patient names AND health conditions in their EMR side-by-side? Wow. Just wow.

To bring this home I'm going to make two specific use-cases you as a telemedicine end-user need to be concerned about and why - even if your telemedicne platform were secure, you're not safe, and neither is your data.

#1. Key loggers

Key loggers are programs that run silently in the background on your computer and they log every key stroke you make on your keyboard. Where does that giant log of key strokes go once they're stored? No way to know. Depends on who got their keystroke logger on your computer and where they want to store that information.

Imagine for a moment, that every time you type in your email and password on a website that text is stored in a big text file on someone else's computer. Then imagine that text file also includes the time you went to search for one of your patients BY NAME, and then proceeded to edit their EMR with specifics on a follow up for their condition. With all those key strokes swimming in one big text file, it's not that hard to piece together the PII and PHI of that patient if someone were so inclined.

Resolutions

• 1. Use 1Password.com. Stop typing in your passwords by hand and start making sure your passwords for each website are different and so thoroughly complex you would not be able to remember your own password.
• 2. Use some anti-virus and PRAY it finds your keylogger if one is installed
• 3. Do all your work on an iPhone or iPad, where the likelihood of having a keylogger installed is much smaller (and make sure your iPhone/Pad are not jail broken)

#2. Screenshot malware like SquirtDanger and others

This kind of software takes screenshots of your desktop every x seconds and send those screenshots images to someone else's computer. With readily available "AI" like tesseract and countless other OCR solutions, this sequence of images can easily be mined, automatically extracting text from those screenshots. Were you looking through an EMR that exposed a patient's name (PII) with their private health information PHI? Guess what, you've just violated your oath to keep patient-doctor confidentiality. The screenshot contained both PII and PHI, which had the text extracted and then... You've potentially exposed your patient to identity theft or to be a victim to a phishing scam. Not good.

Resolutions

0 ***Anti-virus in this case would likely not even work since this kind of program keeps re-installing itself

1. STOP USING TELEMEDICINE SOFTWARE THAT EXPOSES PHI AND PII

But how? Schedule with me below, I have your solution. I hope your computer is clean, but even your computer was infested with a keylogger or screenshot capturing malware... as long as you follow my advice exactly, I guarantee you will succeed in upholding your sacred vow of patient-doctor confidentiality.

Don't take chances. Take DOCTORS IN TECH ®.