World Health Day: Kaspersky Warns of Data Breach Risks in Telemedicine

Islamabad : On World Health Day, Kaspersky warns of risks tied to the digitization of healthcare and use of telemedicine. Recent incidents show that medical services can be breached, and as a result, medical records may be leaked and then traded on the dark web. The operations of healthcare services can get disrupted. Another aspect is that healthcare platforms may share user data with third parties that handle it irresponsibly.

Telemedicine has moved from a convenience to a core part of healthcare delivery, but its security model has not kept pace with its adoption, and the risks are not theoretical. Recent incidents highlight how real these risks have become. In 2023, it was disclosed that Cerebral, a major telehealth provider focused on mental health services, had been sharing sensitive patient data – including mental health assessments, intake information, and personal identifiers – with third-party platforms such as social media and advertising networks. Millions of users were affected over several years.

More broadly, incidents in 2025 illustrate a different but equally critical risk – large-scale disruption of digital healthcare infrastructure. The breach of the ManageMyHealth patient portal exposed sensitive medical records of more than 120,000 patients, while the attack on SimonMed Imaging compromised over a million records and led to ransomware demands. These cases show that both telemedicine platforms and the broader digital healthcare ecosystems are increasingly targeted by attackers.

In parallel, scam campaigns focusing on medical topics are evolving, inviting patients for check-ups or follow-up consultations. Often the domains of the alleged “medical services” websites were created and these pages request users’ personal information, including photos of documents and even photos of parts of the body that need medical attention. Such websites often try to convince users with branding, fake doctor profiles, and urgent calls to action. Users risk submitting sensitive personal data that can be either sold on the dark web, be used for identity theft, or subsequently used in more sophisticated attacks in the future that are targeted specifically at them for further data extortion. To safeguard sensitive data, use a reliable security solution with an AI-powered anti-phishing component which prevents clicking on malicious links.

Examples of “telemedicine service” scams that request personal information, including telephone numbers, addresses, insurance numbers, medications currently taken, descriptions of symptoms and even personal photos .

“The digital healthcare experience is transforming access to care, but it is also expanding the attack surface in ways many users underestimate. Medical data is highly valuable and actively traded on the dark web, making patients a prime target for fraud and targeted phishing. At the same time, health-related scams exploit urgency and trust, using fake consultations or discounted offers to trick users into sharing sensitive information. Patients should approach digital healthcare with the same caution as financial services – verifying providers, avoiding unsolicited links, and understanding how their data is used. Security and privacy must become a core part of the digital healthcare experience,” comments Anna Larkina, Web Content and Privacy Analysis Expert at Kaspersky.

To stay safe, Kaspersky recommends people to treat any promo offers for medical consultations with skepticism, especially if they create urgency or request sensitive information upfront. Rely only on official websites and apps when booking appointments. Verify healthcare providers, avoid accessing random healthcare services through links received via email or messaging apps and use a trusted security solution on your device to alert you of scams.