For quite some time, the Internet of Things has been the digital driving force in many industries, and the healthcare industry is no exception.
Indeed, for several years now, IoT has helped improve efficiencies within healthcare facilities by allowing practitioners to capture medical data and facilitate medication delivery remotely. In addition to monitoring and caring for patients, healthcare practitioners can also use medical IoT devices to streamline the workforce, manage hospital equipment, and keep costs down.
Despite the convenience and opportunities that IoT offers in the healthcare industry, it is not without new and emerging risks for healthcare facilities, patients, and technology companies alike. The risks associated with IoT can extend to any connected device that is introduced into the healthcare network, whether it is a smart device or a wearable. Let’s take a closer look.
Risky business
Cyberattacks. Unlike traditional IoT, healthcare IoT poses more security risks than anything else ever witnessed in the industry. Identity thieves target record systems, leading to financial loss and reputation damage if that data is exposed.
Imagine a scenario where hackers gain access to a patient’s sensitive data and then try to sell it. This can happen when the patient’s health data is relayed from one network to another, from mobile health clinics to their database. According to the World Privacy Forum, medical records – including name, health ID, address, and social security number – can fetch up to $50 each on black markets.
As such, it comes as no surprise that the healthcare industry is a prime target for cyber attacks. Cyber attackers can also gain control over healthcare equipment. Consequently, this can disrupt hospitals and obviously result in a myriad of dire consequences.
Bodily injuries. Technology has made it possible for the world of medical devices to remain connected. To wit: Many people use wearable medical devices that constantly monitor their heart rate, sleep patterns and glucose levels. A healthcare practitioner can easily extract this data and load it into an electronic medical records (EMR) system linked to the hospital network.
However, a patient or user could be injured or even die if a wearable IoT device was to fail or work as intended. A manufacturing defect, a defective design, or product misuse could endanger the user and expose the IoT device manufacturer to bodily injury risk.
For instance, a patient could sue the manufacturer if an IoT device fails to send compliance data to the doctor at the expected time. This is especially true if the flaw in the transmitter were to cause the patient’s condition to worsen.
Besides bodily injury, another risk with IoT is error or omission in the technology. To be sure, error, omission, or an act of negligence in the design of an IoT device could lead to business disruption or loss of profit to the purchaser. In this case, the company could file a complaint against the technology business for financial loss, reputational damage, or business interruption.
For medical IoT devices to function effectively, it is necessary to service and update the firmware. Otherwise, lives are endangered, and the devices may be more prone to attack. Unfortunately, IoT devices can be challenging to maintain and it can even take months for a patch to rectify the issue.
Furthermore, most healthcare facilities and hospitals are short on security staff, and their IT budgets are limited. This makes it challenging to adhere to a change management and patch validation routine.
Clearly, the lack of standardization of IoT in the healthcare industry poses a significant threat to the development and adoption of IoT in medicine. There is no unified system, and manufacturers and the industry have not yet defined wireless communication protocols and standards. Generally, the lack of interoperability between systems in IoT platforms can hinder a safer and more satisfying experience for patients and healthcare practitioners.
How to manage IoT risks in medicine
Healthcare professionals rely on accurate data to administer treatment and make critical decisions. Therefore, the risks associated with IoT in the healthcare industry could have life or death consequences if not addressed.
Here are some steps that can be taken to secure medical IoT devices.
Adhere to standard best practices. It is increasingly vital for experts to follow standard best practices for the security of healthcare IoT devices. This involves performing a thorough risk assessment on the IoT devices to better understand the vulnerabilities that exist. Experts should also monitor network traffic before deploying devices to ensure that users get seamless results and satisfaction.
On-Site maintenance. Before incorporating IoT into a healthcare system, one should first understand the maintenance required. Over time, IoT devices become worn out, and there is a need for maintenance and regular updates. This means considering one’s budget, especially if one has a limited security staff, and may feel compelled to hire a professional.
Segment Networks. Healthcare IT professionals should consider a security vendor that can offer internal segmentation firewalls (ISFWs). These firewalls can help protect against potential security breaches because they operate inside the network rather than at the edge.
Consequently, hospitals and other healthcare facilities can quickly segment networks between healthcare professionals, patients, administrators, and guests. Additionally, system administrators can segment public networks from other networks, separate traffic by department, and even prohibit access to events and assets on virtual LAN.
Keeping connected medical devices secure is a group effort
There is no denying that IoT plays a crucial role in the transition of healthcare globally. It allows doctors to offer efficient and timely treatment to patients on-premise or remotely. However, the security of IoT connected devices should not be neglected.
Hospitals looking to introduce connected medical devices to their network must ensure adequate security capabilities and budgets to defend against potential threats. Manufacturers and security vendors also have a responsibility in developing HIPAA-compliant solutions. Generally, both healthcare vendors and healthcare organizations need to take the necessary steps to address the risks associated with IoT in medicine.
