IoT Devices in Healthcare Are Keeping People Healthier. They’re Also Putting Users at Risk for Hacks
onnected devices have quickly become a cornerstone defense for patients and healthcare workers during the global pandemic. The rising demand for self-health management at this moment, coupled with the digitalization of the modern healthcare ecosystem, has resulted in a market that is set to grow 20 percent every year until 2026. At the same time, though, such rapid digital transformation in an industry that is traditionally a laggard warrants consideration in regards to data privacy and cybersecurity. Here’s what healthcare IoT devices can do and what actions the industry must take to keep them safe.
Medical IoT Devices Are Gaining More Widespread Adoption and Bettering Patient Outcomes
The ability for devices to supply socially distanced medical information at a time when personal space and health insight are needed most has resulted in an astronomical rise.
In essence, the Internet of Things (IoT) in healthcare makes doctors’ and hospital staff’s jobs easier by giving them the tools to gather, transfer, and store data between interconnected devices. From wearable IoT devices like smartwatches that provide a patient’s heart rate and blood oxygen level, to personal medical devices like hearing aids that can be calibrated remotely, these devices have proven vital for both patients and healthcare providers. Moreover, the technology is even proving valuable in senior care, with connected devices enabling effective at-home monitoring of seniors without the use of cameras.
Personal medical care and health data interoperability were already major hot topics in medicine before the pandemic, and now they are only growing with the expansion of medical connected devices. This is evident as a greater awareness and acceptance of newer technologies and higher spending on healthcare services is expected to see medical connected devices grow to $260 billion by 2027.
Implementing IoT in healthcare has already been shown to have many important benefits, including:
Increased patient satisfaction
Reduced hospital stay times for patients
Fewer unnecessary patient visits
Streamlined data collection
Better informed doctors
Smart devices have also played a key role in the fight against the pandemic, as well. The integration of IoT devices with smart sensors and algorithms in the medical field, connected to an application via the cloud and other connected devices, have been very helpful in contact tracing.
But Increased Use Offers More Opportunities for Cybercrime, Too
It must be noted, however, that the bright future of the mainstream adoption of medical devices is somewhat clouded by cybersecurity dangers. Most cheap medical devices are prone to the same issues as other cheap connected devices, namely poor security standards and limited or no encryption. This is especially worrisome since backdoor entry into medical databases can reveal troves of sensitive information including insurance records and financial data. Moreover, hacked personal medical devices can, in specific scenarios, even be turned on or off by attackers.
As has been shown during the pandemic, sensitive health information is fodder for blackmail and ransomware attacks. Interpol issued an alert last year warning that cybercriminals are using ransomware to target healthcare organizations already overwhelmed by COVID-19. The warning noted that cybercriminals are “using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.”
These dangers are compounded by a health industry that has already shown itself to be a cybersecurity laggard. A study into existing internet-connected hospital devices found that more than 80 percent of medical imaging devices run on outdated operating systems. If such devices aren’t diligently updated with the latest version of their operating system or are running an unsupported operating system, then hackers can exploit vulnerabilities to steal data, infiltrate a hospital network and disrupt care.
How Healthcare Providers Can Safeguard Connected Devices
While medical devices enable next-generation care, they can simultaneously open the door to bad cybersecurity actors. This should be worrying for patients and providers and requires immediate action from cybersecurity leaders. As always, there are additional security steps that can — and should — be taken to stop medical hackers in their tracks.
3 WAYS HEALTHCARE PROVIDERS CAN INCREASE IOT SECURITY
Keep firmware up to date
Advise users on secure setup and operation
Use strong authentication with public keys
TIMELY FIRMWARE UPDATES
First, when it comes to firmware updates, it is advisable to initiate an orchestrated process that ensures only authorized administrators can make changes to the device and that the update is applied properly. An update failure should trigger an alert so the device can be otherwise secured or replaced by another device.
ADVICE ON SECURE CONFIGURATION
Second, for patients, cybersecurity leaders must give clear instructions on how to install and configure the device as well as the home network. This will translate into proper operation and a secure connection to transmit encrypted data from patient to doctor. One potential solution is to tailor the device connection type. For example, using peer-to-peer connections bypass the public cloud to deliver low latency, encrypted information between user and device.
PUBLIC KEY AUTHENTICATION
Third, for devices, strong authentication with public key schemes is a must. Similar to what is used by online banks, public key authentication uses cryptographic keys to identify and authenticate peers instead of a username and password. Using cryptographic keys for authentication has the advantage that they are practically impossible to brute-force crack and do not require the user to remember anything.
The privacy and cybersecurity issues of connected devices are certainly of great concern — but the good news is that they can be countered by applying the technology cautiously. As outlined, there are multiple ways that the health industry must protect itself while onboarding these new gadgets, with the result promising major benefits in remote and personal care.