Various health tech start-ups that released telemedicine applications have seen robust growth during the pandemic. For example, health application Halodoc claims it has doubled the number of downloads of its platform during the COVID-19 pandemic during 2020 compared to the previous year. Another telemedicine start-up, Alodokter, also claims a 50 percent increase in traffic and active users as local administrations implement large-scale social restrictions, while Good Doctor Technology Indonesia said demand for consultation had increased eightfold between February and June 2020. Also, many major hospital operators in Indonesia have launched their own teleconsultation services to tap into the growing telemedicine market in the country, which has been further accelerated by the COVID-19 outbreak.

One of the efforts in cybersecurity and data management during the pandemic was LaporCovid-19, the 56,000-pound project launched in March 2020 by the United Kingdom government’s Digital Access Programme (DAP) to support the Indonesian government. The project has worked closely with the East Java COVID-19 task force, as well as the Jakarta and West Java administrations to integrate COVID-19 data systems and develop data-driven research for policy recommendations. After one year of implementation, the project saw various achievements and the DAP decided in March  2021 to increase funding for the LaporCovid-19 project by 15,031 pounds to work on data integration with local government platforms, data collection of health workers who died from COVID-19, and dissemination of public health information, education and communication materials.

The development in the telemedicine industry and digital health data should be closely followed by improvement in the data security sector because telemedicine opens up new opportunities for challenges and threats in terms of cybersecurity. In Indonesia, according to Article 15 of the Electronic Information and Transactions (ITE) Law, the responsibility of data security is in the hands of the platform owners or applications as the implementor of the electronic system. If there were any leak, breach or data misuse, the application implementor would be responsible for any impact that may arise.

According to a report by the British Standards Institution (BSI) , the National Health Service (NHS) has seen increasing cyber threats in the past year, such as 30,000 malicious emails in March and April 2020, a 6,000 percent increase in “phishing” attacks related to COVID in March and April 2020 and 51,910 signs of malicious activity notified to the NHS by the end of August 2020. Other cyber threats included 595 general practices being infected by the 2017 WannaCry cyberattack and 10 percent of all UK healthcare organizations being breached more than 10 times in the last year.

A breach of cybersecurity means criminals can access, freeze, manipulate and publish data. For a primary healthcare facility, this could include blocking access to email, online appointment booking and triage systems, patient records, staff rotas and contact details, manipulating or corrupting data, for example removing “red flag” alerts from clinical records, changing test results and publishing confidential clinical records. The Internet of Things, which allows remote, digital control of systems such as fridges and freezers, could also become another target.

Many of the risks outlined can be managed by basic cyber-hygiene, as good cybersecurity means applying layers of security measures in case one fails. First, healthcare providers need to ensure the physical security of devices used to process or store sensitive information, such as laptops, tablets and smartphones. Removable devices such as USB memory drives should never be used to store clinical information. Second, healthcare providers should ensure the information stored on devices is protected, so if devices are lost or stolen, the information cannot be compromised. Third, healthcare providers should ensure the systems used to access information are kept secure. Effective access controls, such as requiring strong and regularly changed passwords and two-step authentication, are recommended.

One health service provider that uses a cybersecurity service is UDG Healthcare plc, which appointed BSI and Zscaler to implement a secure web gateway solution initially for 2,000 office-based users and 1,000 remote users. UDG is now using a cloud-based web filtering solution that scales with elasticity to the different divisions’ unique traffic demands, providing round the clock availability, 24 hours a day, 365 days a year. The extensive scanning functionality blocks malware threats including viruses, botnets and zero-day exploits, whether a user is connecting from their desktop, a laptop or a mobile device.

Protecting all aspects of healthcare information from theft, breaches or corruption will ensure that healthcare services not only continue to function, but also thrive. Cybersecurity also underpins safe patient care, the reputation of the healthcare organization and the trust patients place in it. If the technology fails, then the healthcare organization will fail too.

The UK’s Digital Access Programme is currently collaborating with the Indonesian Health Ministry, the National Cyber and Encryption Agency (BSSN) and the Communications and Information Ministry on a cybersecurity in telemedicine project, supported by the UK’s Cyber Capacity Unit. The aim is for this project to focus on various data protection and cybersecurity standards that can be applied in telemedicine, particularly looking at new platforms that are being developed by the Health Ministry. https://bit.ly/3tUyKWq

Popular

Ministry orders remote working for civil servants to help ease traffic congestion

Netanyahu vows victory after Iran strikes, fears of wider conflict grow

18 people killed in South Sulawesi landslide