The Internet of Things (IoT) has become prevalent in the healthcare industry due to the benefits derived from sharing patient data and treatment information through connected devices. This convergence of physical assets and digital technologies is the way of the future in healthcare, but will only be of limited value if data and systems can be compromised by bad actors.
According to an article by John Shin of the Forbes Technology Council, “That’s precisely why we need to take steps to secure sensitive patient healthcare data, mission-critical healthcare systems and every connected device along the Industry 4.0 value chain”.
IoT Security Must be a Top Priority
A recent Becker’s Hospital Review webinar stated that over the next five years 70% of all medical devices will be connected to a network. However, up to 20% of these devices are currently vulnerable to attack. IoT-enabled technologies such as defibrillators, radiology equipment and insulin pumps are susceptible.
Although progress is being made in the area of security, there is a long way to go. Therein lies the challenge.
Securing Healthcare IoT Devices
The first step in dealing with this critically important and daunting challenge is to take these risks seriously – they cannot be ignored. Healthcare providers must understand how to identify and assess risks, and insist that IoT technology providers embed defense in depth in their IoT product developments. They must “make sure devices have undergone rigorous vulnerability testing and made cybersecurity a critical issue at all phases of the design process”. Protecting the entire healthcare supply chain requires collaboration between healthcare and IoT technology providers.
The healthcare industry must employ “the same risk assessment and management principles that generally exist in cybersecurity” in the IoT realm. The HITRUST Alliance has issued detailed risk and threat modeling that can be used by healthcare organizations. The modeling indicates that distributed denial of service (DDoS) is the most common type of attack and can be used to demand ransoms in return for restoring devices. Other common attacks are malware infection and unauthorized access to data through misuse of privileges.
Training employees, and any other authorized users, must be an integral part of the risk mitigation strategy. They need to be aware of the role they play in protecting the integrity of systems and understand how to safeguard credentials.
The federal government has passed legislation designed to make IoT devices more secure, and the FDA has published healthcare device security guidelines. Healthcare providers should be vigilant about adhering to these regulations and recommendations.
Healthcare providers should take a holistic view of security and implement network architectures that contain a compromise to the affected IoT devices, so that it does not spread to the entire network.
The Bottom Line
Shin concludes by saying, “Connected healthcare and smart devices are only getting more prevalent and sophisticated. The COVID-19 crisis and trends already set in motion by the Fourth Industrial Revolution are merely accelerators. Healthcare facilities and providers should both embrace the technology and begin putting in the proper safeguards to mitigate risk.”
Allegro Software, headquartered in Boxborough, Massachusetts, is a leading provider of IoT edge security and connectivity software toolkits to manufacturers worldwide. Field proven in over 250,000,000 devices, our solutions enable OEMs in the Energy, Healthcare, Medical, Military, Enterprise, and Consumer sectors to create connected, secure devices using TLS, SSH, FIPS 140-2 and more.
Since 1996, Allegro has been at the forefront of the evolution of embedded device management, security, and connectivity with its patented embedded web server and security toolkits.