15 Essential Computing and Cybersecurity Terms and Information for Solo Mental Health Telehealth Providers

Vol. 1, No. 4 | May 24, 2024 | By Dave Larsen, Väsentlig Consulting LLC
When providing mental health services via telehealth technology, solo practitioners in home office settings need to be aware of various computing and cybersecurity threats that can compromise sensitive client information and the integrity of their services.
Here are 15 essential terms that computer users in this field should understand, along with detailed descriptions and suggested remediation steps:
1.) Outdated Software: Failure to regularly update software programs with the latest security patches (updates provided by software developers to fix vulnerabilities that could be exploited by cybercriminals). This can leave systems vulnerable to known threats and exploits.
Remediation: Enable automatic updates for all software, regularly check for and install updates manually if automatic updates are not available, and replace unsupported or obsolete software.
2.) Weak Passwords: Using easy-to-guess or commonly used passwords, which can be easily cracked by cybercriminals, compromising account security.
Remediation: Create strong, unique passwords for each account. Use a password manager to store and generate passwords. Enable multi-factor authentication (MFA), an authentication method that enhances security by requiring two or more verification factors to gain access to a resource.
3.) Unsecured Wi-Fi Networks: Public or unprotected Wi-Fi networks that can be exploited by cybercriminals to intercept data or gain unauthorized access to devices.
Remediation: Use a Virtual Private Network (VPN), a service that encrypts your internet connection, providing privacy and security by creating a private network across a public network. This is especially important when accessing public Wi-Fi. Also, ensure your home Wi-Fi network is secured with WPA3 encryption. WPA3 stands for "Wi-Fi Protected Access 3" and is the latest security protocol developed by the Wi-Fi Alliance to secure wireless computer networks.
It was introduced in 2018 as a successor to WPA2, with the aim of providing enhanced security for both personal and enterprise networks. WPA3 uses stronger encryption, 128-bit for personal networks. This makes it significantly harder for attackers to crack passwords and access the network. It employs Opportunistic Wireless Encryption (OWE), which ensures that data transmitted over open Wi-Fi networks (such as those found in cafes or airports) is encrypted, offering better privacy and security than traditional open networks. Overall, WPA3 addresses the vulnerabilities present in WPA2 and provides a higher level of security to protect against modern threats. Upgrading all Wi-Fi networks to WPA3 is recommended to ensure the highest level of protection.
4.) Insider Threats: Malicious or accidental actions by employees, contractors, or other insiders that can lead to data breaches, theft of sensitive information, or system vulnerabilities.
Remediation: Implement strict access controls and regular monitoring, conduct thorough background checks, and establish clear policies and procedures for data handling and incident response.
5.) Social Engineering: The manipulation of individuals into revealing sensitive information or performing actions that compromise security, often through tactics like impersonation or exploitation of trust.
Remediation: Educate yourself on common social engineering tactics, verify the identity of individuals before sharing sensitive information, and be cautious of unsolicited requests.
6.) Phishing: Fraudulent emails or messages designed to trick individuals into revealing sensitive information or installing malware (software designed to harm, exploit, or otherwise compromise the integrity of computer systems).
Remediation: Use email filters to detect and block phishing emails, educate yourself on identifying suspicious emails, and avoid clicking on links or downloading attachments from unknown sources.
7.) Smishing: A form of phishing that involves sending deceptive text messages to lure recipients into revealing sensitive data or visiting malicious websites.
Remediation: Be cautious of unsolicited text messages, verify the legitimacy of any links received via SMS (Short Message Service, the text messaging service component of most internet and mobile device systems), and use mobile device security solutions to detect and block smishing attempts.
8.) Spear Phishing: A targeted form of phishing that uses personalized emails or messages to trick specific individuals or organizations.
Remediation: Use multi-factor authentication (MFA) to protect accounts, regularly update passwords, and be wary of any unexpected requests for sensitive information, even from known contacts.
9.) Vishing: A type of phishing attack that utilizes voice calls or voice messages to deceive individuals into revealing sensitive information. Cybercriminals often use caller ID spoofing to appear as trusted entities.
Remediation: Verify the identity of the caller independently before sharing any information, use call-blocking tools to filter suspicious calls, and educate yourself on common vishing tactics.
10.) Malware: Malicious software designed to gain unauthorized access or cause damage to a computer system, such as viruses, worms, Trojans, and ransomware.
Remediation: Install and regularly update antivirus and anti-malware software, avoid downloading software from untrusted sources, and keep your operating system and applications patched.
11.) Ransomware: A form of malware that encrypts a victim's files and demands a ransom payment to regain access. This type of attack can be devastating for mental health practitioners, as it can result in the loss of sensitive client information.
Remediation: Regularly back up data to an off-site or cloud storage solution, use robust antivirus software to detect and block ransomware, and educate yourself on avoiding ransomware infection vectors (the method or pathway used by a cyber threat to reach and infect a target system).
12.) Data Breach: An incident where sensitive, protected, or confidential data is accessed, copied, transmitted, viewed, stolen, or used by an unauthorized individual. Data breaches can occur due to weak security measures, insider threats, or sophisticated attacks.
Remediation: Implement strong access controls and encryption for sensitive data, conduct regular security audits, and train yourself on data protection best practices.
13.) Web Beacons: Small transparent images embedded in web pages or emails that track user behavior and collect data without the user's knowledge.
Remediation: Use email clients and web browsers that block tracking technologies, configure privacy settings to minimize tracking, and regularly clear cookies and cache.
14.) Tracking Pixels: Similar to web beacons, these tiny graphics are used to monitor user activity and gather information about website visitors.
Remediation: Use browser extensions or settings that block tracking pixels, avoid clicking on suspicious links, and regularly review and adjust privacy settings.
15.) Typosquatting: The practice of registering domain names that are similar to legitimate websites, often containing common misspellings, to deceive users and potentially distribute malware or steal information.
Remediation: Be cautious when typing URLs, use bookmarks for frequently visited sites, and consider using a web browser that warns about potentially deceptive websites.
By understanding these cybersecurity threats and implementing the suggested remediation steps, solo mental health practitioners can better protect their clients' sensitive data and maintain the integrity of their telehealth services, even with limited technical expertise.