Smart or IoT (Internet of Things) devices, while enhancing connectivity and providing improved experiences, must also be understood in terms of security. This is especially true for the healthcare industry that relies on IoT devices more and more, and where a hack can have disastrous consequences on patient well being.
The risk is apparent in how the industry uses smart devices (e.g., tablets to collect patient data, mobile devices to send patient health information (PHI), and IoT medical (IoMT) devices to track and maintain patient health). Smart device cybersecurity unfortunately lags and is sometimes overlooked entirely. This is a major concern for healthcare in 2020.
According to Forescout Technologies’ Tom Dolan, healthcare organizations struggle with the use of outdated systems that no longer provide updates or security patches. For example, healthcare has the highest usage of devices running Windows 7, no longer supported or updated by Microsoft later this month. In 2019, researchers for Check Point Research found an ultrasound machine running Windows 2000 that no longer received security patches; they easily hacked into the machine. A further major concern is ever-increasing connectivity speeds. According to Forescout, while 5G technology allows more devices to have enhanced capabilities, it also opens such devices to additional security threats. Moreover, hackers can access IoT devices through many other means including the device itself, the network, and the utilized apps if users do not keep the device safe and secure. And finally, the employees and patients who use them will always remain a huge vulnerability.
HIPAA-compliant organizations utilize strong cybersecurity programs and employee awareness training to protect themselves and their patients. Unfortunately, IoT device security is not as up to date. In a 2019 Irdeto survey of 700 healthcare security-decision makers worldwide, 82% stated that their IoT devices were targeted. The survey also reported that 26% had no software protection for IoT devices; 52% no mobile app protection. IoT-focused cyberattacks, in fact, cost these healthcare organizations $346,205. But hacked devices represent more than just a financial concern or a loss of PHI. Patients of hacked IoMT devices could be physically injured or killed.
The healthcare industry heavily relies on IoT and IoMT devices, and their use will only continue to grow with the technology. Emphasis, therefore, needs to turn toward detection and prevention of security problems rather than waiting for problems to arise. According to Forescout, security in 2020 will be an important consideration when purchasing and procuring such devices, but only the organizations that put more emphasis on IoT cybersecurity will thrive. Healthcare organizations must include IoT devices within their risk analyses, provide more regulations, training, and security measures to cover their use, and evaluate the advantages of such technologies against their disadvantages.
Related: How to Protect and Secure Patient Health Information (PHI) on Mobile Devices With such precautionary measures in place, those within the industry can continue to use advanced technologies while protecting themselves and their patients from future risks.