The Internet of Medical Things (IoMT) is part of, and a key enabler for, the emerging field of “Digital Health.” While the field holds great promise in chronic condition management, telemedicine, remote patient monitoring and more, it also poses unique cybersecurity risks.
The real challenge for device manufacturers is reducing the related risks (bodily injury, technology errors and omissions, and cyber-related risks) while embracing the capabilities of medical IoT. As with all IoT devices, there is no single silver bullet that solves or reduces every possible risk.
Depending on their risk profile, most companies employ a combination of internal and external methods to manage their risk exposure. Internally, a company endorses various standards and industry best practices as part of its product development process and procedures. These typically produce an auditable trail of documentation and reviews ensuring quality, safety, and reliability. External to the development process, companies include legal limitation of liability, damage limits, disclaimers, risk transfer and indemnity provisions to curb risk.
Additionally, many companies look to the insurance industry to limit economic exposure to IoT-related risk. The National Association of Insurance Companies (NAIC) has recently set up a forum to track development practices in the insurance sector related to IoT.
Ongoing research is also being conducted to develop economic models that inform the creation of actuarial tables for IoT. Although originally created for industrial applications of IoT, these models can be updated to represent additional industries (Economic Impact of IoT Cyber Risk).
As a whole, insurance companies are maturing in how they look at IoT-related risks. They are beginning to look at what steps development teams are taking to help mitigate cybersecurity-related risks and potentially damaging outcomes from medical IoT (Don’t let your IoT prescription become a risky affliction).