Doxy.me Leak: How to Avoid Telemedicine’s Cybersecurity Pitfalls

    Close your eyes for a second and imagine yourself browsing through an abundant selection of books on your favorite online store or e-commerce app. Your activity and information are collected and then fed to advertising firms for analysis and indexing. This process is called data mining. It’s how advertisers narrow down their prospects and influence consumers’ buying decisions.

    Now imagine if this was your telemedicine platform instead of an online store or an e-commerce app. Doesn’t the thought of potentially exposing patient health information (PHI) scare you?

    The recent Doxy.me leak made that threat a reality for many providers. Although patient health information remained uncompromised, reports of three third-party firms — Google, Facebook, and HubSpot — gaining access to some information still left many providers and patients wary.

    This raises the question: Is the Doxy.me leak just the first of many more telemedicine privacy and security issues to come?

    What Is Doxy.me?

    Doxy.me is a popular web-based telemedicine solution that offers providers a free platform. However, the free version is limited to virtual visits only. The company provides more comprehensive features like billing, file transfer, group calling, and text and email notifications for a fee.

    Launched in 2014 by Brandon Welch, a Medical University of South Carolina biomedical informatics professor and the company’s current CEO, Doxy’s user base has grown from 80,000 before the pandemic to 1.2 million users worldwide.

    "Cost should never keep someone from using telemedicine," said Welch in an interview with Bloomberg Linea. He described Doxy as "simple, free, and secure" and compared it to the video messaging service Skype.

    “Skype, but for doctors,” Welch quipped.

    The Extent of the Leak

    Cybersecurity media outlet Cyberscoop first reported the Doxy.me leak on December 10, 2021. It revealed that the company was fixing an issue that allowed third-party firms, Google, Facebook, and HubSpot, to access user data through its virtual waiting room.

    Privacy researcher Zach Edwards found that the platform shared IP addresses and unique device identification numbers with the three companies. Doxy.me representatives explained that the data collection was part of a marketing campaign they were running at the time.

    Doxy.me’s privacy policy explicitly states that it shares usage data with third-party entities. However, this disclosure can easily get buried under lengthy policy statements. As a result, users, especially those who don’t have the time to parse complex regulations, could overlook this vital piece of information.

    According to Consumer Reports Director of Consumer Privacy and Technology Policy Justin Brookman, companies like Doxy should take it upon themselves to lay their policies bare for all their users to see, especially those with grave privacy and security implications.

    The Safer Telemedicine Solution

    Telemedicine is here to stay — there’s no escaping it. But despite all of the benefits it offers, it still poses a dilemma to providers: embrace telemedicine and all its accompanying risks or focus solely on in-person care but get left behind.

    Thankfully, you don’t have to choose between the lesser of two evils. There is a safer solution — one that empowers you to offer telemedicine services without putting your practice and patients at risk from cybersecurity threats: Televisit.

    Developed by Meditab for its flagship electronic health record (EHR) software, Intelligent Medical Software (IMS), Televisit provides you and your patients a safe virtual space to hold remote visits. It utilizes a HIPAA-compliant network that you can securely and conveniently access from your desktop computer or mobile device, using IMS’s mobile EHR, IMSGo. In other words, Televisit combines the security of your EHR and the convenience of mobile functionality.

    Adapt to Modern Changes Without Compromise

    As telemedicine grows in popularity, regulatory bodies and industry leaders are taking steps to further strengthen its cybersecurity safeguards. However, since it’s still relatively new to most providers and patients, you can expect more growing pains in the foreseeable future.

    Although the Doxy.me leak should serve as a cautionary tale, you shouldn’t let it scare you away from embracing telemedicine. As in most cases of pivotal innovation, telemedicine’s adoption is bound to come across obstacles along the way. The key is to find ways to adapt without compromising your data security. After all, it's an area of your practice you should invest in heavily.

    A free telehealth platform might be an appealing proposition, but the costs from a security breach could set you back millions. Investing in a more secure telemedicine platform, like Televisit, offers your practice a priceless benefit: peace of mind.
