The Internet of Things, or IoT, is a system of internet-connected objects that collect, analyze and monitor data over a wireless network. The IoT is used by organizations in dozens of industries, including healthcare. In fact, the IoT is revolutionizing the healthcare sector as devices today have the capability to gather, measure, evaluate and report patient healthcare data.
Unfortunately, IoT connected devices also exponentially increase the amount of access points available to cyber criminals, potentially exposing sensitive and confidential patient information. In order to take advantage of this valuable new technology, healthcare firms need to ensure that they are aware of the risks and address them ahead of implementation.
How are healthcare organizations using the IoT?
Businesses in the healthcare sector are taking advantage of the IoT to provide better care, streamline tracking and reporting, automate tasks, and often decrease costs. Here are a few examples of how healthcare organizations are using IoT:
- Medicine dispensers are now integrated with systems that automatically update a patient’s healthcare provider when they skip a dose of medication.
- Smart beds are equipped with sensors that indicate when it is occupied, alerting the nursing staff if the patient is trying to get up.
- Caregivers are taking advantage of ingestion monitoring systems whereby swallowed pills transmit data to a device, tracking whether a patient is taking medication on schedule or not.
- Smart inhalers can now track when asthma and Chronic Obstructive Pulmonary Disease (COPD) sufferers require their medicine. Some of these devices are even equipped with allergen detectors.
Connectivity of healthcare solutions through cloud computing gives providers the ability to make informed decisions and provide timely treatment. With the IoT connected technology, patient monitoring can be done in real-time, cutting down on doctor visit expenses and home care requirements.
However, as healthcare organizations begin to integrate IoT technology into devices more frequently, cybersecurity risks increase significantly.
Cyber risks of healthcare IoT tech
Cyber risks have become sophisticated and there has been an enormous increase in the quantity and severity of attacks against healthcare providers. In fact, since 2009 the number of healthcare industry data breaches has increased every year, progressing from only 18 in that year to 365 incidences in 2018. Significant financial costs to a healthcare organization are a consequence of these breaches due to fines, settlements, ransoms, and of course the costs to repair the breach itself.
Businesses are becoming progressively vulnerable to cybersecurity threats due to rapid advancement and increasing dependence on technology. Unsecured IoT devices pose a higher risk by providing an easily accessible gateway for attackers looking to get inside a system and deploy ransomware. Everything from fitness bands to pacemaker devices can be connected to the internet, making them vulnerable to hacking. Most of the information transmitted isn't sufficiently secured, which presents cybercriminals with an opportunity to obtain valuable data.
Managing IoT cybersecurity risks
No organization, including healthcare firms, can block all attackers. However, there are ways in which they can prepare themselves. Use these tips to help protect your healthcare organization from IoT-related cybersecurity risks:
Encrypt data to prevent unauthorized access
Leverage multi-factor authentication
Execute ongoing scanning and testing of web applications and devices
Ensure vendors meet HIPAA compliance requirements
Protect endpoints like laptops and tablets
- Healthcare staff should be educated to look for signs of phishing emails like typos and grammatical errors
IoT device specific protection tips:
- Acquire unique logins and device names. Avoid using the default configurations
- Ensure the latest version of software is installed
- Take an inventory of all apps and devices that documents where it resides, where it originated, when it moves, and its transmission capabilities
Smart devices connected through the IoT increase access points for cyber attacks, significantly increasing risk and organizations need to be prepared in advance to prevent damage from such threats. The healthcare industry is one of the most sensitive and frequently targeted sectors as well as one of the most costly in which to address a breach. Therefore, it is prudent for organizations to include IoT devices in a thorough cybersecurity risk assessment and ensure that they take all the necessary precautions to minimize vulnerabilities from implementing these IoT devices.