{"id":25421,"date":"2026-04-07T18:08:08","date_gmt":"2026-04-07T14:08:08","guid":{"rendered":"https:\/\/me-en.kaspersky.com\/blog\/?p=25421"},"modified":"2026-04-07T18:08:08","modified_gmt":"2026-04-07T14:08:08","slug":"telehealth-issues-2026","status":"publish","type":"post","link":"https:\/\/me-en.kaspersky.com\/blog\/telehealth-issues-2026\/25421\/","title":{"rendered":"Is telehealth actually safe?"},"content":{"rendered":"

April 7 marks World Health Day. The theme for 2026 is \u201cTogether for health. Stand with science<\/a>\u201d\u00a0\u2014 a call to join forces in the fight for evidence-based medicine and scientific progress. Many people view telehealth as one of the crowning achievements of this progress: you can basically get a doctor\u2019s consultation in five minutes without ever leaving your couch. But\u00a0there\u2019s a catch\u2026<\/p>\n

Medical data sells on the black<\/a> or gray<\/a> markets for dozens of times more than credit card info or social media logins. Unlike a credit card, which you can just block and replace, you can\u2019t exactly reset your medical history. Your name, birthday, address, phone number, insurance ID, diagnoses, test results, prescriptions, and treatment plans stay relevant for years. This is a goldmine for everything from targeted marketing to blackmail, fraud, or identity theft.<\/p>\n

And with the rise of AI, the internet is now flooded with fake websites that claim to offer medical services but are actually designed to strip-mine confidential info from unsuspecting victims. Today, we\u2019re diving into which medical details are at risk, why hackers want them, and how you can stop them in their tracks.<\/p>\n

More valuable than credit cards<\/h2>\n

Scammers monetize stolen medical data both in bulk and through individual sales. Their first move is usually to extort a ransom from the companies they\u2019ve successfully hacked. (In fact, back in 2024, 91% of malware-related healthcare data leaks in the U.S. were the result<\/a> of ransomware attacks.) But later, the leaked data is then used for pinpointed, personal attacks. It allows hackers to build a medical profile of a victim\u00a0\u2014 what meds they buy, how often, and what they take long-term\u00a0\u2014 to then sell that info to big pharma or marketers, or to use it for targeted phishing scams like pitching a fake innovative treatment. They can even blackmail a patient over a sensitive diagnosis or use the info to fraudulently score prescriptions for controlled substances. On top of that, insurance companies are also hungry for this kind of data. They analyze these details to hike up insurance premiums for patients or, in some cases, refuse to provide coverage altogether. In short, there are plenty of ways they can use it against you.<\/p>\n

How bad is it really?<\/h2>\n

The biggest medical data breach in history went down in February 2024, when the BlackCat hacking group broke into the systems of Change Healthcare<\/a>. This is a division of UnitedHealth Group, which processes around 15 billion insurance transactions a year and acts as the financial middleman between patients, healthcare providers, and insurance companies.<\/p>\n

For nine days, the attackers roamed freely through Change Healthcare\u2019s internal systems, siphoning off six terabytes of confidential data before finally launching their ransomware. UnitedHealth was forced to completely yank Change Healthcare datacenters offline to stop the encryptor from spreading, and they ended up paying a 22-million-dollar ransom to the extortionists. The attack effectively paralyzed the U.S. healthcare system. The number of victims was revised three times: first 100 million, then 190 million, and the final tally hit a staggering 192.7 million people, with total damages estimated at 2.9\u00a0billion dollars. And the reason (on the Change Healthcare\u2019s side) for this massive incident\u00a0\u2014 which we broke down in detail in a separate post<\/a>\u00a0\u2014 was simply\u2026 a lack of two-factor authentication on a remote desktop access portal.<\/p>\n

Before that, the mental health telehealth startup Cerebral embedded<\/a> third-party tracking tools<\/a> directly into its website and apps. As a result, the data of 3.2 million patients\u00a0\u2014 including names, medical and prescription histories, and insurance info\u00a0\u2014 leaked out to LinkedIn, Snapchat, and TikTok. The U.S. Federal Trade Commission slapped the company with a 7.1-million-dollar fine, and issued an unprecedented ban on using medical data for advertising purposes. By the way, that same startup also made the headlines for sending its clients promotional postcards without envelopes<\/a>, displaying patient names and phrasing that made it easy for anyone to figure out their diagnosis.<\/p>\n

Why telehealth is so vulnerable<\/h2>\n

Let\u2019s take a look at the main weak spots in telehealth services.<\/p>\n