Authors

Abstract

The rapid growth of telehealth due to recent global health crises has highlighted its vulnerabilities, particularly to phishing attacks. These attacks exploit both technical and user behaviour gaps and pose significant risks to sensitive health information. We demonstrate a hybrid ML model (Random Forest + XGBoost) that detects phishing URLs in telehealth portals with 93% accuracy, validated through a browser plugin in real time. We integrate this model into a telehealth-optimized DevSecOps pipeline, enhancing security measures. A notable case study showcases a browser plugin ("Phish & Chips") that blocks malicious portals pre-login while automating compliance audits. Our approach employs real-time data, behavioural analytics, and EHR integration to harden defences, improve detection, accelerate response times, and ensure HIPAA compliance. This approach is not only good for security and operational resilience but also a scalable and cost-effective solution for telehealth platforms.

Keywords

Phishing, Machine Learning, DevOps, Telehealth, Healthcare Analytics