Healthcare has always been on the cutting edge, with hospitals and healthcare providers typically quick to embrace any innovation that will translate into better, more efficient, more affordable care.
From microscopic pill cameras and implantable devices to laser surgery and advanced monitoring techniques, medical technology is all about creating the best possible patient outcome.
But when it comes to the latest wave of innovative products, powered by always-on, always-connected internet of things (IoT) technology, there are growing concerns that security issues may eventually harm medical institutions or the patients themselves.
The Importance of IoT to Medicine
Some estimates predict that the global IoT market will grow to $534.3 billion by 2025. The approximately 646 million IoT devices currently in use within the healthcare field fall into three primary categories:
- Wearable devices (wearables) are familiar to anyone who’s ever worn a smartwatch. But today’s technology goes much further, including devices like ultra-light wearable biosensors that keep tabs on patients and wearable blood glucose monitors that help keep diabetics healthy.
- Implantable devices include any devices that are inserted into the body, including smart pacemakers, insulin infusion pumps, and defibrillators.
- Other devices used in the healthcare setting range from security cameras to thermometers and smartpens that communicate patient data to and from healthcare records systems.
Beyond devices specifically intended for medical applications, most hospitals and other healthcare facilities are also benefiting from the types of IoT devices found in other enterprises:
- Smart office equipment like badge readers, cameras, and routers
- Smart building infrastructures like connected elevators, HVAC, and more
- Personal devices brought in by employees that can access the hospital’s network
Obviously, IoT devices are doing a world of good in medical settings. They’re giving patients more freedom and ensuring better compliance by simplifying treatment and monitoring.
They also provide the kind of continuous monitoring and analysis of medical data that would be impossible without technology. Plus, they give healthcare providers instant access to up-to-date information so they can provide better care and achieve better outcomes.
Since the emergence of COVID-19, in particular, the convenience of connectivity has proven itself over and over.
At the time the pandemic hit, organizations that were not highly connected had to scramble to catch up, both to deal with the COVID patient load and to provide remote services and relieve overburdened healthcare providers.
Still, for any enterprise—medical or otherwise—every single smart device on your network also introduces a certain degree of risk. The challenge for every single healthcare organization in the world right now is figuring out how to get the most patient-care benefit out of IoT technologies while reducing this risk—ideally all the way to zero.
IoT Devices: Risk Factors
What makes it so risky to allow IoT devices on your network?
Certainly, every device using the network increases what’s known as the “attack surface.”
But while this vulnerability is easy to control for most devices (phones, computers), the situation is not so simple with IoT devices. Here are a few reasons why this technology poses a greater security risk:
- Unlike mainstream endpoints like Windows computers or Android phones, IoT devices are not designed with security top of mind (they’re usually unattended and unmanaged).
- Up to half of connected devices, like ultrasound and MRI machines, run on legacy operating systems that are no longer supported or maintained—meaning zero security support or patches are available for them.
- There’s no certification or standardization for cybersecurity in medical devices (which is ironic, considering that medical device safety is one of the strictest areas of regulation around the world).
- If you’re like most organizations, you’re using a hodgepodge of devices, making it almost impossible to manually inventory every single device and keep track of what it’s doing.
- IoT devices lack standardized interfaces and controls, so it’s nearly impossible to create a uniform security policy, upgrade software, or even implement strong passwords without a solution specifically designed for IoT security.
For all these reasons, it can be very easy for hackers to compromise IoT devices in a medical setting.
Mitigating the Risk
IoT devices are definitely the weakest link in your healthcare IT network. And as we’ve seen, the greater the attack surface, the greater your vulnerability. The more devices are connected, the more doors hackers have into your network.
However, since IoT devices are here to stay—and are such a tremendous help to patients and healthcare professionals alike—you need to be aware of how to use them safely in a healthcare setting.
Experts are beginning to sit up and take notice of the risk inherent in storing and transmitting healthcare data. Looking at the massive growth of telemedicine during the COVID era, a 2021 PwC report called on healthcare organizations to “boost their cybersecurity efforts.”
As that report stated, “The more people use telemedicine, healthcare apps and remote monitoring devices, the greater the number of potential entry points for cybercriminals seeking to steal patient data or launch ransomware attacks.”
In addition, IoT cybersecurity legislation will soon be coming into effect in jurisdictions worldwide. Taking steps now to mitigate risk will put your organization in a better position when proper IoT security is mandated by law. Because when it comes to healthcare, tighter IoT security is literally a matter of life and death.