Enabling Secure Remote Access, Telehealth, & mhealth for Healthcare

How Healthcare Organizations are Adapting to the Technology Needs during the COVID-19 Pandemic

The coronavirus pandemic has disrupted organizations and the lives of billions throughout the world, but no industry has felt the impact quite as uniquely as healthcare. Healthcare organizations have faced a dual battle. The industry’s workers on the frontlines are addressing the health effects of the coronavirus, while healthcare organizations are struggling to accommodate the social distancing challenges that necessitated a large shift to remote work for many employees, as well as the expansion of telehealth offerings and mhealth. Addressing these three technology challenges is critical to the success of the frontline workers as well as to protect the healthcare system itself from being overwhelmed.

In this blog, let’s briefly explore 3 big technology challenges, and then share anecdotes from two of BeyondTrust’s amazing and courageous healthcare customers.

1.Securing and enabling remote access - Enabling a productive remote workforce starts with securing remote access. Prior to the pandemic, many office and support workers for healthcare organizations had little-to-no previous work-from-home experience. Once they went remote enmasse, it presented multiple challenges. The shift put a strain on networks, applications, and services structure and opened up many security gaps that threat actors have increasingly exploited.

Many users were forced to rely on personal devices (BYOD), which are not usually not hardened and controlled to the same degree as corporate-provisioned. BYOD presents an even higher (unacceptable) risk when these personal devices are connecting to the corporate-issued VPN. VPNs serve some valid use cases, but they can’t give you the granular access and session controls needed for sensitive/privileged types of access. While VPNs and BYOD should absolutely never mix, in these extraordinary times, it’s been increasingly happening because of the urgency to go remote fast.

With the urgency to go remote, there’s also the risk that healthcare organizations allow access in ways that runs afoul of regulations, such as HIPAA. And, while it would be nice to think cyberthreat actors would cut healthcare organizations some slack as they battle the coronavirus for the benefit us all, cyberattackers have never been known for their charity of human spirt. Cyberthreats, such as ransomware, directed at healthcare organizations and bio-research facilities, are only increasing, while the stakes for protecting uptime are only getting higher. And let’s be clear, especially when healthcare is concerned, these aren’t victimless crimes. A Vanderbilt study actually quantified the cost to human life as a result of ransomware attacks, showing that as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined that experienced ransomware attacks. Today, uptime, and time in general, is of the essence as we confront a multi-pronged battle amidst a global pandemic. Within this backdrop, secure remote access and endpoint security technologies and policies are critical for laying the foundation for success.

2. Telehealth/telemedicine involves the practice of medicine remotely, potentially over long distances, using video teleconferencing and other technologies. Telehealth has experienced strong growth over the past 5 years, but due to the pandemic, demand for telehealth services is now skyrocketing. To address this paradigm shift, the Centers for Medicare and Medicaid Services announced multiple reforms, including 80 additional services delivered through telehealth. “CMS is allowing telehealth to fulfill many face-to-face visit requirements for clinicians to see their patients in inpatient rehabilitation facilities, hospice and home health,” the agency said. Telehealth has proved an important way to minimize coronavirus exposure for healthcare professionals and for patients. This is important both for treatment of coronavirus, as well as for patients to get virtual checkups to continue to address other medical needs, without having to expose themselves to COVID-19. Enabling telehealth requires a layered approach to mobile security, including strong secure remote access protocols, access controls, and more.

3. mhealth, the incorporation of mobile devices and applications for healthcare, has also been playing an increasingly important role in healthcare over the last half-decade. Mobile devices—from smartphones to wearables and much more—can be used for diagnostics, education, symptom tracking, and health monitoring to name a few. The devices can capture health data to be used by the patient alone (such as sending alerts/reminder about their treatments or health regimen), and/or shared remotely with a centralized healthcare system to inform better healthcare decision-making for the patient and for others. These tools can also help healthcare providers, communities, and government leaders better understand where outbreaks are beginning to occur so that they can make more informed decisions and communications around public safety. Some ways mhealth is being applied to the challenges of the COVID-19 pandemic include:

• Frontline healthcare workers using mHealth wearables to remotely monitor for COVID-19 symptoms.
• Crowd-sourcing data from users of wearables to understand behaviors that lead to virus spread as well as various health outcomes
• Performing at-home risk coronvirus assessments to help users understand if they should seek treatment
• Monitoring cardiac effects via smartwatches worn by coronavirus patients receiving experimental treatments, to understand the side effect profile.

However, just like any other endpoint, mhealth devices need to be managed. Sometimes, these devices have default credentials that could be exploited. Some devices lack the computing power necessary to run traditional endpoint security solutions, like AV. Yet, the data they record and communicate is potentially highly sensitive, so it’s important to at least layer on privileged access security controls, use strong encryption, and harden the devices as much as possible.

Let’s now hear from a couple of our customers in the healthcare field about how BeyondTrust has helped them stay agile and secure as they adapt and roll-out new technologies amidst the pandemic.

How a New York City Area Hospital Kept Workers Safe & Expanded Telehealth

Mount Sinai South Nassau Hospital is located in a suburb of New York City, the once global epicenter of the COVID-19 pandemic. The coronavirus pandemic necessitated not only a large shift to remote work for many of the hospital’s employees, but also a much stronger reliance on telehealth. Deploying BeyondTrust Remote Support was key to securely and quickly adapting to these shifts.

Susan Flanagan, Senior Manager of IT Service Delivery, explained “While the COVID-19 pandemic has affected everyone, people tend to forget just what kind of effort it required to get 2500+ employees ready to work remotely practically overnight.”

“I was calling vendors looking for a fast trial that met HIPAA requirements and our security teams’ demands for safety,” Susan continued. “I wasn’t even a customer yet and your team [BeyondTrust] treated me like I was your ONLY customer. We have been able to meet the demands of supporting home equipment and getting people ready to work so they can continue essential operations for a health care system, while building out capacity for surge patients, all while keeping our backbone operational staff safe at home. We would not have been able to accomplish this without BeyondTrust.”

How a Kentucky Health System Securely Enabled a Massive Shift to Remote Work & Telehealth

The BeyondTrust team was also busy helping existing customers scale their remote work and telehealth instances.

Norton Healthcare, a major healthcare provider in Louisville, KY, was using BeyondTrust Remote Support for more than a decade, but was recently faced with the challenge of adequately supporting the exploding number of remote workers due to COVID-19.

“We went from roughly 30 providers that could provide telehealth services to 1,800 in a matter of a few weeks,” said Mitch Bryant, Information Services Production Support Manager at Norton Healthcare. “We were not used to supporting thousands of new telehealth visits, but BeyondTrust helped us keep up with the sudden increase in demand to support these services. Having a tool that is easy-to-use for our physicians and clinical staff is extremely important, and BeyondTrust provides just that.”

“We’ve seen firsthand how seamlessly our customers have been able to quickly implement and scale in order to keep their service desks running smoothly. With BeyondTrust, service desk technicians can help solve their customer’s issues quickly and securely every time. “

Additionally, Norton Healthcare, achieved these service improvements leveraging BeyondTrust Remote Support:

• Reduced incident handling times by 30-60%
• Increased first-call resolution by 55%
• Decreased on-site visits for remote offices by 90%

How BeyondTrust Enables Secure Remote Work, Telehealth, & mhealth

Communities across the world are counting on the healthcare sector more than ever. BeyondTrust privileged access management (PAM) solutions and team members are helping healthcare meet address challenges around secure remote access, endpoint security, and more so that they can enable their workforces to remain productive and safe, while serving patients and their communities.

BeyondTrust provides a privileged access management (PAM) platform comprised of three integrated solutions—Secure Remote Access (Remote Access + Privileged Remote Access), Endpoint Privilege Management, Privileged Password Management). Here’s a brief look at some of our products and solutions that are being leveraged by healthcare organizations to securely enable remote work, telehealth, and mhealth:

Privileged Remote Access empowers IT teams to control, manage, and audit remote privileged access by authorized employees, contractors, and vendors, without compromising on security—no VPN required. The solution enforce least privilege and exerts granular control and visibility over remote access for both insiders and third parties, while enabling user productivity. It also includes an enterprise credential Vault, so you can confidently extend password security best practices to vendors and third-party access.

Remote Support empowers help desk teams to quickly and securely access and fix any remote device, on any platform, with a single solution. In addition to addressing the broadest range of attended and unattended support use cases, the solution boasts the strongest security of any solution in its class.

Endpoint Privilege Management combines privilege management and application control to efficiently manage admin rights on Windows, Mac, Unix, Linux, and network devices, while enhancing end-user productivity. Many types of malware (such as ransomware), require privileges to execute. Enforcing least privilege and controlling applications is arguably the most powerful way to reduce enterprise attack surface. Even in attacks that least privilege can’t outright protect, it can mitigate the damage by closing of lateral pathways and privilege escalation.

Privileged Password Management solutions enable automated discovery and onboarding of all privileged accounts—human and machine, secure access to privileged credentials and secrets, and auditing of all privileged activities. These solutions can eliminate embedded passwords and replace with API calls, and ensure password security best practices are applied for users and endpoints—including mhealth devices and IoT.

Organizations can deploy a single BeyondTrust product to meet one or a few specific use cases (i.e. remote support, vendor access, remote employee access, endpoint privilege management, etc.), or implement the entire BeyondTrust platform and benefit from comprehensive coverage of remote access pathways and privileged access. Our quick-start innovations allow customers to deploy BeyondTrust solutions fast and achieve rapid leaps in end-user productivity and risk reduction, often in just hours or days. In the era of the coronavirus, these capabilities have been crucial for meeting the business continuity and productivity needs of enterprise without compromising on security.

Do you have a story about how BeyondTrust has helped your organization? I want to know about it! Email BeyondConnections@beyondtrust.com to share your story—who knows, your name may just be in our next blog!