Advances in IoT devices are incredibly beneficial for healthcare organizations when it comes to monitoring and caring for patients. These connected medical IoT devices also enable other efficiencies, like remote software updates, eliminating the time-consuming and costly process of driving out to a site to physically access devices for updating. Likewise, healthcare organizations can leverage the data generated from these IoT devices to drive additional value, such as general process enhancements and new patient services. Nevertheless, despite these undeniable advantages, the meteoric rise in medical IoT devices creates thousands of entry points for hackers to infiltrate networks and obtain sensitive information.
The Current Threat Landscape
Hospitals account for 30% of all large data breaches, with 95% of identity theft coming from stolen healthcare records. And in 2021, data breaches in healthcare cost these businesses an average of $9.3 million per incident. Hackers will sell stolen information for profit, sometimes back to the hospital in the form of a ransomware attack. For example, one group of hackers notoriously said they would shut off thousands of IoT-connected pacemakers unless the healthcare company met their demands. The reality is all connected devices are vulnerable – and hundreds of new vulnerabilities become public each week. Healthcare organizations must be vigilant and realize any connected IoT device is at risk. And with so many medical IoT devices on any given network, they must also ensure they’re using the latest IoT security software/hardware to keep their networks secure.
Three Steps to IoT Security: Acknowledgement, Budgeting and Technology Implementation
First and foremost, healthcare companies should acknowledge these security risks and address them. While this statement may sound obvious to some, many healthcare businesses are unfortunately not paying enough attention to IoT security. As it stands, roughly 60% of organizations do not have a process to identify security issues in their IoT devices. These unchecked security risks are serious and ignoring them won’t make hackers stop – if anything, indifference emboldens them. Of course, many healthcare organizations aim to address these risks but don’t have enough focus, expertise or resources to prioritize IoT security. For those in this bucket, there must be a top-down agreement to ensure IoT devices and networks are secure.
Having established a company-wide culture that recognizes the importance of safeguarding the network from hackers and data breaches, healthcare companies can create a budget and allocate resources toward IoT security.
It’s recommended that healthcare organizations choose an IoT solution provider with a focus on security when deploying connected devices, rather than integrating security features from scratch. IoT solutions are complex, and many companies struggle to integrate the many components, including wireless communication, in a secure way. Without security expertise and an integrated approach, those efforts can be very costly and not yield the desired results. Ideally, an IoT solution provides built-in security features for designing a secure product, as well as services to maintain the security of that product throughout its lifetime.
Essential security features for connected products include secure boot, filesystem encryption, protected hardware and network ports, network authentication, tamper detection and secure connections.
The Fight Against Hackers Is Constant
Medical companies need to remember that the fight against hackers is constant. Hackers are much more sophisticated than many are willing to admit – these malicious actors consistently devise new ways to breach networks. Therefore, healthcare organizations and IoT solution providers must work together to secure sensitive medical information. In the same vein, healthcare companies must perform continuous maintenance, updating their products even after release. With new vulnerabilities coming out almost every week, it’s paramount that companies repeatedly scan their products throughout their entire lifecycle to determine which of these new vulnerabilities actually pose a threat to the product in question.
Thankfully, there are IoT solution providers that offer the services, resources and tools medical businesses need to continuously identify and resolve those vulnerabilities when they arise, whether that involves an external security audit or other threat measurement and monitoring services. Additionally, healthcare organizations should leverage those IoT security solutions that allow them to integrate device security, device identification and data privacy capabilities into their product design, empowering their product to adapt to evolving threats.
When Fighting Hackers, Don’t Be an Island
As highlighted throughout this article, it is critical that healthcare companies choose an experienced and trusted IoT solution provider to help them identify vulnerabilities in their IoT networks and protect them against hackers and data breaches. Organizations should look outside their limited personnel for assistance, especially considering the ongoing shortages of healthcare professionals and mounting burnout issues. Medical companies, which are invaluable to society, shouldn’t hesitate to get help; the struggle against hackers doesn’t occur in a bubble.
Andreas Burghart is a Principal IoT Technology Manager at Digi International. He has acted in multiple roles in his 20+ years at Digi, including engineering/management, product management, sales engineering, and business development. He has deep knowledge of embedded technology, including embedded hardware, software development environments, and the critical steps involved in establishing a successful embedded design for today's demanding applications. Andreas is recognized for his unique abilities as a multicultural liaison, exceptional communication skills, and his strong international business background.