Telehealth systems deliver remote care of elderly and physically less able patients as well as remote surgeries, treatments, and diagnoses. In this regard, several systemic properties must be satisfied (such as security) in order to ensure the functionality of Telehealth systems. Although existing studies discuss different security episodes that involve Telehealth systems, it is difficult to have a clear standpoint about which are the most reported security issues and which solutions have been proposed. Furthermore, since Telehealth systems are composed of several software systems, it is not clear which critical areas of Software Engineering are relevant to develop secure Telehealth systems. This article reports a systematic mapping study (SMS) whose purpose is to detect, organize, and characterize security issues in Telehealth systems. Based on the SMS results, we examine how Software Engineering may help to develop secure Telehealth systems. From over a thousand studies, we distinguished and classified 41 primary studies. Results show that (i) four security classifications (attacks, vulnerabilities, weaknesses, and threats) concentrate the most reported security issues; (ii) three security strategies (detect attacks, stop or mitigate attacks and react to attacks) characterize security issues, and (iii) the most relevant research themes are related to insecure data transmission and privacy. The SMS's findings suggest that software design, requirements, and models are key areas to develop secure Telehealth systems.
