Telehealth is a way for health providers to diagnose, treat, and communicate with patients remotely, by phone or video. Telehealth is a quick and easy alternative to your typical doctor’s appointment, but it could also be a quick and easy way for cybercriminals to find targets.
Here are some ways to safeguard your personal information while using telehealth services.
Keep Your Device Up-to-Date
Whether you connect to telehealth using a smartphone or a computer, make sure the device is up-to-date with the latest security patches. This includes updating all applications, not just the ones used for telehealth purposes. Each app is a potential point of entry for cybercriminals. If the bad guys gain access to your device in any way, then your sensitive medical information will be at risk.
Use an Advanced Login
Telehealth services typically require users to create a username and password. If the service offers Multi-factor Authentication (MFA), use it! MFA requires you to enter your password and then enter another form of verification, such as a code sent via text message. If MFA isn’t offered, we recommend using a password manager to generate and securely store complex passwords.
Connect with a Secure Network
Never use a public wifi connection for telehealth services. You never know who could be watching and tracking your activity. When connecting from home, be sure to set up a strong password for your router. Default router passwords are often public knowledge or easy to guess. For the most secure network, connect to a virtual private network (VPN), which encrypts web traffic to protect your information.
Ring is a popular brand of security cameras designed for home safety. Unfortunately, Ring customers were the latest victims of a phishing attack. Cybercriminals sent phishing emails spoofed as Ring to try and steal customers’ sensitive information.
Cybercriminals start this attack by sending you a phishing email with an HTML file attached. The email looks like it’s from Ring, and it instructs you to open the file to update your Ring membership. If you click this file, you’ll be redirected to a malicious website that spoofs Ring’s login page. This website prompts you to enter sensitive information, such as your credit card number and social security number. If you enter your information, you’ll be redirected to Ring’s legitimate website, making the email look more real.
Follow the tips below to stay safe from similar scams:
- Never click a link or download an attachment in an email that you aren’t expecting.
- If you receive an email claiming that you need to make changes in your account, always log in to the organization’s website directly.
Remember that this type of attack isn’t exclusive to Ring. Cybercriminals could use this technique to impersonate any type of service.
When you receive an unexpected email from an online service or business, proceed with caution. For example, if you receive an email from eBay stating that you have won an online auction, ask yourself the following questions to verify that the email is legitimate:
- Do you have an eBay account? If you receive an email from an organization that you do not have an account with, don’t click any links in the email.
- Did you bid on an eBay auction recently? If you haven’t bid on an auction, then the email is probably fake.
The questions above do not only apply to eBay and online shopping websites. Cybercriminals can send malicious emails that appear to come from several different types of organizations, such as bands, social media platforms, and shops. Remember to stop, look, and think before you click any links in emails.
If you’re unsure if an email from an organization is legitimate, open a web browser and visit the organization’s website. From the website, you can log in to your account and verify any activity that has taken place.