https://ijmri.de/index.php/jmsi
volume 4, issue 4, 2025
1013
TELEMEDICINE SECURITY: A NEW FRONTIER IN MEDICINE AND
CYBERSECURITY
Muminova S.Sh.
Senior lecturer, Tashkent University of Information Technologies
named after Muhammad al-Khwarizmi
Abstract:
This article examines the development of telemedicine and its cybersecurity risks,
especially in the wake of the COVID-19 pandemic. With the rapid expansion of telemedicine
services, including applications, wearable devices, and cloud systems, security vulnerabilities
have emerged as a major concern. The article discusses the risks associated with data breaches,
application vulnerabilities, and communication protocols such as MQTT. It highlights real-world
incidents, growth in phishing attacks, and the lack of regulatory consistency. Recommendations
are provided for users, healthcare workers, and service providers to strengthen telemedicine
security and prevent cyberattacks on sensitive medical data.
Keywords:
Telemedicine, COVID-19, telemedicine services, medical data breaches,
vulnerabilities of health data security
Telemedicine today is no longer limited to doctor consultations via video calls. It encompasses a
rapidly evolving ecosystem of technologies including specialized applications, wearable devices,
implantable sensors, and cloud databases. The surge in telemedicine usage during the COVID-19
pandemic highlighted its potential and challenges. For instance, projects like Proteus Digital
Health's smart pill revealed serious concerns regarding data storage and privacy. Meanwhile,
vulnerabilities in telemedicine applications and communication protocols such as MQTT
continue to pose threats. The lack of consistent global regulation further complicates security.
Attackers have increasingly exploited medical themes in phishing and malware campaigns, with
over 150,000 such incidents recorded in late 2021. The article concludes with actionable
recommendations for stakeholders to mitigate risks.
Telemedicine today is not just about communicating with a doctor via video call software. It is a
comprehensive ecosystem of rapidly evolving technologies and products, including specialized
applications, wearable devices, implantable sensors, and cloud databases.
Modern telemedicine began taking shape in the late 20th century with the emergence of video
consultations. Even before the pandemic, developments in this field were considered promising.
For example, sensor-equipped pills developed by the startup Proteus Digital Health attracted
hundreds of millions of dollars in investment. The goal of the project was to help doctors track
whether patients were taking their medications. The pill was supposed to transmit a signal
confirming it had been ingested to a wearable patch receiver, which would then send the data to a
mobile application. However, even during the development phase, the system raised serious
concerns about data security and the potential misuse of that information. The startup ultimately
went bankrupt in 2020.
The pandemic triggered an explosive growth in the telemedicine market. With restrictions in
place, the ability to assist patients remotely became a lifeline for many. Clinics rushed to
organize at least some form of remote communication with doctors to reduce the risk of COVID-19
infection. A McKinsey study found that the use of telemedicine increased 38 times compared
to the pre-COVID period. According to data from the CDC, around 30% of all doctor
consultations in the United States from June 26 to November 6, 2020, were conducted remotely.
In India, telemedicine has received government-level support since March 2020. According to
Kaspersky Lab, by 2021, 91% of organizations worldwide had begun offering telemedicine
services.
Nearly two years after the onset of the pandemic, many hastily implemented telemedicine
projects have matured, becoming more stable and secure. However, many systems remain a
patchwork of unverified third-party services that are often inadequate in terms of protecting
patient data.
Thus, we observe a growing trend of digitizing medical services, which involves the handling of
highly sensitive data belonging to millions of people. At the same time, these systems often rely
on relatively new technologies or hastily adopted methods from adjacent industries. It is
reasonable to assume that cybercriminals will quickly take notice of this trend and seek to exploit
it for their own purposes. We decided to investigate this assumption by examining the state of
telemedicine security in 2020 and 2021.
Medical data breaches.
It is not always easy to distinguish between incidents in traditional
offline medicine and those in telemedicine. For example, is a patient data breach from an offline
hospital considered a telemedicine incident? Technically, perhaps not. But given that the
pandemic pushed many healthcare institutions toward remote communication with patients, a
significant portion of the data stored in their databases may have been collected through virtual
appointments. Therefore, virtually any medical data breach could potentially be related to
telemedicine.
Fig.1. The number of data breaches in medical organizations, 2009–2020. Source: HIPAA
Journal.
According to a 2020 report by Constella, the number of personal data leaks in the medical sector
increased by 1.5 times compared to 2019. This data was obtained by analyzing information
published on the dark web.
Figures from the HIPAA Journal, which records breaches in the United States based on official
organizational reports, differ from those in the Constella report but also indicate growth — both
in the number of breaches and in the average number of individuals affected per breach.
According to HIPAA, there were 642 reported breaches from medical organizations in 2020,
compared to 512 in 2019.
The situation did not improve in 2021. As of early December of that year, data from the Office
for Civil Rights at the U.S. Department of Health and Human Services (OCR HHS) indicated
that the number of individuals affected by breaches in the United States exceeded the number of
victims in 2020 by more than 1.5 times. According to HIPAA Journal, by the end of December,
the total number of breaches also increased.
Vulnerabilities in applications and devices.
In the summer of 2021, we examined more than 50
popular telemedicine applications for known vulnerabilities. We also tested known malware to
see if it impersonated any of the apps or tried to extract data from them.
At the time, we did not find any known CVEs (Common Vulnerabilities and Exposures) in the
apps we tested. This is both encouraging and concerning at the same time.
The absence of known vulnerabilities unfortunately does not mean that all these apps are secure.
It simply means that cybersecurity researchers either have not analyzed them or have done so
only superficially. Before the pandemic, telemedicine projects were relatively rare, but interest in
them surged in 2020, and many developers created their own apps. From a regulatory standpoint,
there is no global standard: different countries license and monitor these services in their own
way. In some cases, there is no oversight at all. In other countries, only the medical service itself
is licensed, while the app used to deliver it is not subject to regulation. Additionally, large
international apps like GTHE allow users to consult with doctors located in other countries,
which complicates the legal regulation of telemedicine even further.
In the absence of centralized quality control for telemedicine apps, their security levels vary
significantly. Smaller development companies often lack the personnel and resources to ensure
high levels of quality and security, which can result in apps containing many vulnerabilities that
cybercriminals can exploit.
On the other hand, the sheer number of apps may reduce the chances that a specific app will be
targeted, unlike a scenario where a single service is used by all clinics in a given country.
However, this does not eliminate the risk entirely.
Vulnerabilities in wearable devices and sensors.
As mentioned earlier, telemedicine is not
limited to video consultations. It offers new opportunities not typically available in traditional
offline healthcare. These include wearable devices and sensors that continuously or periodically
monitor patient health indicators, such as heart activity.
Before the digital transformation of medicine, such diagnostics required specialized equipment
like cardiac monitors. These monitors involved attaching multiple electrodes to a patient’s body,
which were connected by wires and had to be worn for at least 24 hours — an inconvenient and
cumbersome setup. Today, while cardiac monitors are still used, much more compact wearable
sensors and devices have emerged. These can collect similar data and transmit it to a mobile
device without the need for wires or external electrodes.
But do these wearable devices pose security risks? The most commonly used protocol for
transmitting data from wearable devices and body-worn sensors is MQTT, and the most
frequently used port is 1883. Authentication for this port is optional, and even when present, the
protocol does not support traffic encryption. This means authentication data is transmitted in
plain text, making the protocol vulnerable to man-in-the-middle (MITM) attacks — especially
since it often operates over TCP/IP. For users, this means that if their device is connected to the
internet, an attacker can easily intercept the data being transmitted.
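An added example, not part of the original article: a small audit check that parses an MQTT 3.1/3.1.1 CONNECT packet as it appears on an unencrypted port 1883 link and reports whether the client connected anonymously or sent a password in the clear. The sample packets are constructed, and the names `audit_connect`, `SAMPLE_AUTH` and `SAMPLE_ANON` are hypothetical.

```python
import struct

# Constructed sample packets (not captured from any real device).
SAMPLE_AUTH = (b"\x10\x25" b"\x00\x04MQTT\x04\xc2\x00\x3c"
               b"\x00\x0awearable-1" b"\x00\x07patch01" b"\x00\x041234")
SAMPLE_ANON = b"\x10\x16" b"\x00\x04MQTT\x04\x02\x00\x3c" b"\x00\x0awearable-2"

def _remaining_length(buf, pos):
    """Decode MQTT's variable-length 'remaining length' (at most 4 bytes)."""
    value = 0
    for i, shift in enumerate((0, 7, 14, 21)):
        value |= (buf[pos + i] & 0x7F) << shift
        if not buf[pos + i] & 0x80:
            return value, pos + i + 1
    raise ValueError("malformed remaining length")

def _field(buf, pos):  # one field with a 2-byte big-endian length prefix
    (n,) = struct.unpack_from(">H", buf, pos)
    end = pos + 2 + n
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[pos + 2:end], end

def audit_connect(packet: bytes) -> dict:
    """Report what an MQTT 3.1/3.1.1 CONNECT exposes on an unencrypted link."""
    try:
        if packet[0] >> 4 != 1:
            raise ValueError("not a CONNECT packet")
        _, pos = _remaining_length(packet, 1)
        _, pos = _field(packet, pos)              # protocol name
        level, flags = packet[pos], packet[pos + 1]
        if level not in (3, 4):
            raise ValueError("only MQTT 3.1/3.1.1 is handled here")
        client_id, pos = _field(packet, pos + 4)  # skip level, flags, keep-alive
        if flags & 0x04:                          # will topic and message come first
            _, pos = _field(packet, pos)
            _, pos = _field(packet, pos)
        user = None
        if flags & 0x80:                          # username flag
            user, pos = _field(packet, pos)
        if flags & 0x40:                          # password flag: validate, never keep
            _, pos = _field(packet, pos)
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated packet") from exc
    findings = ["anonymous-connect"] if user is None else []
    if flags & 0x40:
        findings.append("password-in-cleartext")
    return {"client_id": client_id.decode("utf-8", "replace"),
            "username": user.decode("utf-8", "replace") if user is not None else None,
            "findings": findings}
```

When MQTT is carried inside TLS, conventionally on port 8883, none of these fields is visible to a network observer, so a check like this should find nothing on a correctly configured deployment.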
Counting vulnerabilities in MQTT.
MQTT is widely used in Internet of Things (IoT) devices,
including wearable medical technology, and its popularity has grown alongside the rise of smart
devices. Below is a graph showing the number of vulnerabilities discovered in MQTT from 2014
onward. The red bars indicate the number of critical and high-priority vulnerabilities, most of
which remain unresolved.
Fig.2. Number of vulnerabilities found in the MQTT protocol, 2014–2021
In 2019, 15 critical vulnerabilities were discovered in the MQTT protocol; in 2020, 8 more were
identified, and in 2021, an additional 18 were found. This presents a serious cause for concern.
Compounding the issue is the fact that updates for Internet of Things (IoT) devices are rarely
released — if they are provided by the manufacturer at all.
Vulnerabilities are found not only in the MQTT protocol itself but also in specific devices and
platforms. One of the leading platforms in terms of the number of identified vulnerabilities is the
Qualcomm Snapdragon Wearable platform. Since its release, over 400 vulnerabilities have been
discovered across various devices using this platform. However, as previously noted, the high
number of identified vulnerabilities does not necessarily indicate poor security — rather, it
reflects the fact that the product has undergone extensive testing by analysts and that developers
are aware of and documenting the issues found in the software.
Fig.3. Number of vulnerabilities found in the Qualcomm Snapdragon Wearable platform, 2019 –
January 2022. Source: https://nvd.nist.gov/
A number of vulnerabilities have also been discovered in devices from other vendors producing
wearable devices and sensors for medical use, such as FitBit.
Cybercriminals can exploit these vulnerabilities to compromise user devices and gain access to
highly sensitive medical data. Moreover, it is important to remember that medical devices like
the Apple Watch can also track users' locations. A leak of such data could be exploited not only
for data theft but also for more targeted threats like stalking.
Medicine as bait.
Since the beginning of the pandemic, many cybersecurity companies —
including Kaspersky Lab — have reported that medicine has become an increasingly relevant
lure in cybercriminal schemes. This trend, identified in 2020, continued throughout 2021.
The active development of telemedicine will undoubtedly make it an even more frequent target,
just as the digitalization of banking has made bank phishing one of the most widespread forms of
fraud.
It is difficult to distinguish between telemedicine-related attacks and general medical-themed
attacks, so the statistics referenced below refer to the broader use of medical topics as lures in
phishing and malware campaigns. Nevertheless, it is the digitalization of medical services that
enables phishing and malware distribution disguised as legitimate websites and messages from
healthcare providers.
Between June and December 2021, we recorded over 150,000 phishing attacks using medical
themes.
Fig.4. Dynamics of the number of phishing attacks using medical topics, June - December 2021
At the same time, web attacks using medical sites peaked in 2020; now, apparently because of
people's general fatigue with the pandemic, this bait is used even less.
Fig.5. Dynamics of the number of web attacks using medical topics, January 2019 - December
2021
CONCLUSION
The telemedicine topic will remain important and acute for many years to come. According to all
forecasts, the telemedicine market will continue to grow regardless of the success in the fight
against the pandemic. Therefore, participants in the telemedicine process must be well aware of
the risks of security incidents in this area.
Phishing and malicious attacks exploiting the medical topic will continue, and with the
development of telemedicine, the number of services that fraudsters use as bait will increase. In
addition, attackers will most likely try to hack the services themselves. We recommend the following to users:
- Before transferring your personal data to any telemedicine service, try to find out
how this data will be stored and who will have access to it. Try not to use services that do not
care about the safety of your data.
- When registering with telemedicine services, always use strong passwords: no
matter how securely the service stores your data, a simple password will give an attacker access.
- If possible, do not follow links in emails from strangers, even if the subject of the
email seems interesting to you. If you receive an unexpected notification from a telemedicine
service, it is better to open the application itself, not the link in the email.
Medical workers involved in the telemedicine system should protect their work accounts with
complex passwords, and also use two-factor authentication for them. If a healthcare professional
is involved in deciding which telemedicine app to use in a clinic, it is imperative to research the
security of candidate apps.
App vendors should be aware that vulnerabilities in apps and a general lack of attention to
security could allow attackers to gain access to private conversations between doctors and
patients, user databases, payment details, and other sensitive data.
Overall, we expected 2021 to be more of a year of collaboration between the healthcare sector
and information security professionals. To some extent, our expectations were met, but the
explosion of telemedicine has brought new challenges to this collaboration that both industries
have yet to address.
References
1. Kaspersky Lab. (2021). Telemedicine Security Report.
2. HIPAA Journal. (2020). Healthcare Data Breach Statistics.
3. Constella Intelligence. (2020). Dark Web Data Leak Analysis.
4. McKinsey & Company. (2020). Telehealth: A quarter-trillion-dollar post-COVID-19 reality?
5. NIST National Vulnerability Database. (2022). MQTT Protocol Vulnerability Reports.
