Keeping Telehealth in Great (Security) Shape

Mattias Fridström, Chief Evangelist at Arelion

COVID-19 turned telehealth into a household term, transforming the services that healthcare providers can offer patients. Thanks to advancements in connectivity, global experts in rare procedures and conditions can connect virtually to share knowledge with local medical practitioners and surgeons – and can conduct remote consultations in the comfort and privacy of patients’ homes worldwide. Telehealth remains a viable and very important way to connect patients to healthcare providers, even as the world returns to a semblance of normalcy. Many telehealth platform providers focus on endpoint security to protect their extremely sensitive data, with the industry increasingly integrating secure access service edge (SASE) products and VPN replacements.

But all of this innovation and connectivity comes at a cost – and endpoint security alone doesn’t cover it. Healthcare and the wider business community have turned to the public Internet (the worldwide collection of router-based, interconnected networks) to provide the uninterrupted, high-quality, reliable services telehealth platform providers and practitioners need to serve their communities. In short, you’re likely using the public Internet if you’re connecting to a doctor through your home computer or iPad. However, increased use of the public Internet means that healthcare providers don’t control the underlying networks end-to-end, leaving them especially susceptible to large-packet attacks. To address this vulnerability, telehealth providers must partner with operators that have a reliable network with a global reach backed by strong security measures that keep their telehealth services operational. Endpoint security is important, but security at the network layer is also necessary to protect sensitive telehealth data and achieve comprehensive protection of a telehealth provider’s network. 

DDoS mitigation: keeping servers at peak performance

Distributed Denial-of-Service (DDoS) attacks remain one of the most common methods hackers use to attack a network. DDoS attacks flood servers with malicious traffic to disrupt network operations and bring service to its knees. Aside from stopping network operations, a DDoS attack can act as a cover for other malicious activities, such as patient data theft through an exploited backdoor or the implanting of malware that continues to wreak havoc even after the original attack has stopped. 

When looking to secure their telehealth services and data, providers should choose a global connectivity partner that offers automated, scalable DDoS protection. High-capacity DDoS protection drops malicious traffic through surgical scrubbing sites before it reaches a telehealth network and has the flexibility needed to secure against different attack vectors. These vectors include protocol attacks (protocols are often slow to be updated and to adhere to global standards), volumetric attacks that attempt to use up all of a network’s bandwidth, and application attacks that exploit weaknesses in specific applications. A precise DDoS mitigation service should provide 24/7/365, host-level protection backed by a high-performance, global network. This means that healthcare providers don’t have to worry about attacks during non-peak hours, even as DDoS attacks increasingly persist no matter the time of day.

According to a recent threat report, attack vectors evolved in 2021 from smaller, more frequent SYN-based attacks to large-packet, infrequent DNS and NTP amplification attacks. Peak traffic rose 45% in 2021, with attack traffic correlating with peak traffic levels and the average attack size totaling between 25 Gbps and 35 Gbps. These attacks will remain highly profitable for cybercriminals due to the critical nature of telehealth data and services, highlighting the need for comprehensive security on the network itself.

RPKI: protecting the central nervous system of the Internet

A second attack vector that uses the public Internet as an attack path is traffic hijacking, with several of these attacks taking place on major cloud provider networks in recent months. Unprotected traffic can be announced to anyone on the Internet and is particularly vulnerable to hijacking, which detours network traffic to undesired locations. Considering the inherent sensitivity of telehealth data, including patient information and treatment documentation, this could be devastating to a telehealth provider and its patients. 

Resource Public Key Infrastructure (RPKI) is a secure identification system designed to prevent traffic hijacking and redirection. It better controls connections to the Internet by ensuring service providers can automatically validate and secure Border Gateway Protocol (BGP) announcements. This is vital as BGP is essentially the nervous system of the Internet. RPKI makes it harder for hackers to re-route sensitive telehealth traffic without the knowledge of the service provider or telehealth platform involved. In addition, RPKI helps prevent accidental leaks of routes by which telehealth data is transmitted.

RPKI was developed by the Internet Engineering Task Force, an organization dedicated to creating better standards for Internet protocols. It’s voluntary to adopt RPKI or any of the standards the IETF creates, but the unique security needs of telehealth and the exposed nature of the public Internet mean that it is better to use a global service provider that has a track record as an early adopter of this security service as part of a comprehensive telehealth security strategy.

Choosing a global connectivity partner to achieve comprehensive telehealth security

Comprehensive telehealth platform security is best achieved through partnerships with a global operator that is constantly striving to improve the quality of its network and the security on that network. Like other enterprises, healthcare providers need different layers of security. But in the context of their network needs, all healthcare providers have one thing in common: their data is highly sensitive. 

Endpoint security is necessary – but it does not provide the comprehensive security that ensures healthcare providers’ traffic will only traverse their network. DDoS protection prevents sudden shutdowns – but it doesn’t prevent traffic hijacking. And while RPKI helps prevent hijacking, it doesn’t drop malicious traffic automatically before it reaches a healthcare provider’s Internet connection. To keep your telehealth platform or service robust, it’s important to choose a service provider that has a global footprint and a comprehensive network security strategy that addresses the most common attack vectors in today’s evolving threat landscape. Although security on the network is just one piece of comprehensive telehealth platform protection, it has never been more crucial for protecting critical health data.

About Mattias Fridström

Mattias Fridström is the Chief Evangelist at Arelion, a leading light in global connectivity services. Mattias holds an MSc in Electrical Engineering from the University of Wollongong, Australia. Since joining Telia in 1996, he has worked in a number of senior roles within Telia Carrier (now Arelion) and most recently as CTO.