Telehealth App Risk Profile
The threat profile of telehealth platforms
60% of PHI breaches comprising 88% of stolen records were related to hack/IT incidents in 2019.
If telehealth cybersecurity is not well implemented, there can be several negative consequences:
- Theft of licenses and IP and jeopardizing economic security
- Violating patient privacy resulting in breaching HIPAA, which is punishable by law
- Damaging brand recognition
- Revenue loss due to fewer patient and provider engagements
- Millions of dollars in fines and lawsuits
3 popular telehealth mobile app hack risks



Reverse Engineering
Common attack methods:- Runtime memory inspection
- Disassembly
- Differential attacks
- Reverse control flow
- Interactive debugging
How can you be affected?
- Steal IP and patient PHI
- Gain sensitive and valuable information to be used for tampering
- Disclose cryptographic assets
- Divulge key server information which can be used for a large-scale server attack



Tampering
Common attack methods:- Data/code lifting
- Control flow modification
- Data/program file or binary replacement
- Branch jamming
How can you be affected?
- Modify app’s behavior
- Replace or modify datafiles and executables
- Steal patient data



Exploitation
Common attack methods:- Automatic exploits
- Dynamic library exploits
- Redistributing the entire system and data decryption
- Malware installation
How can you be affected?
- Disclose PHIs
- Decipher critical encrypted data
- Steal patient identity