Forbes estimates 646 million IoT devices were used in hospitals, clinics, and medical offices in 2020.
The Internet of Things has transformed the way we live and work. And if it reaches its fullest potential, it will fundamentally change every aspect of our lives.
While the technological advances in Internet of Things (IoT) connected devices have changed the face of medicine, they have also raised concerns about healthcare IoT security. As with most technology, advances do not come without risk. All the patient data an organization collects, transmits, and stores becomes a target for cybercriminals.
What is IoT, Internet of Things?
The Internet of Things, or IoT, refers to the billions of devices that are now connected to the internet, all collecting and sharing data.
As a general concept, the IoT is a system of devices with the ability to independently communicate over a network. It includes such items as smart TVs, wearable devices, smart home devices, electronic doorbells, or security cameras, all of which can be connected to the internet, controlled by linked mobile devices, and require information security applications to protect their data.
Pretty much any physical object can be transformed into an IoT device if it can be connected to the internet to be controlled or communicate information. These objects are equipped with sensors and then connected back to networks, databases, and communication systems. Analysts predict that by 2024 there will be as many as 83 billion connected devices worldwide.
The global internet of medical things (IoMT) market is expected to swell to a $158 billion valuation in 2022, up from $41 billion in 2017.
IoT in Healthcare
An electronic health record or EHR is a digital version of a patient’s paper chart. An EHR system is built to share information with other health care providers and organizations, such as laboratories, specialists, medical imaging facilities, pharmacies, and emergency facilities, so it contains information from all clinicians involved in a patient’s care.
And this increasing connectivity shows no signs of slowing down. In fact, it's only accelerating. The global internet of medical things (IoMT) market is expected to swell to a $158 billion estimate in 2022, up from $41 billion in 2017.
IoT is slowly starting to weave into healthcare on both the doctor and patient fronts. Ultrasounds, thermometers, glucose monitors, electrocardiograms, and more are all starting to become connected, letting patients track their health. There are IoT devices that allow the elderly to remain independent in their own homes, using AI to detect falls or changes to regular daily routines and alerting relatives or healthcare providers.
In addition to monitoring basic fitness levels, wearables such as the Apple Watch are now taking on more medical device functionality.
IoT and COVID-19
According to the US CDC, 40% of Americans reported avoiding medical care for fear of COVID-19 exposure.
From health-monitoring wearables that provide a patient’s heart rate and blood oxygen level to advancements in virtual doctor visits, the ability of devices to supply socially distanced medical information has proven vital for both patients and healthcare providers.
Smart devices have also played a key role in the fight against the pandemic. The integration of IoT devices with smart sensors and algorithms in the medical field, connected to an application via the cloud and other connected devices, has been very helpful in contact tracing.
Connected medical devices are proving essential amidst today’s new normal, but their implementation has also brought security gaps, and hackers are increasingly targeting health organizations and hospitals as a result.
IoT, Internet of Things… ahem perhaps the Internet of Threats
The benefits of implementing medical devices are very much clouded by cybersecurity dangers. Most cheap medical devices are prone to the same issues as other cheap connected devices, namely poor security standards and limited or no encryption. This is especially concerning since backdoor entry into medical databases gives bad actors access to sensitive information, including personally identifiable information (PII), insurance records, and financial data. Moreover, hacked personal medical devices can, in specific scenarios, even be turned on or off by attackers.
In April of 2020, Interpol issued an alert that cybercriminals are using ransomware to target healthcare organizations already overwhelmed by COVID-19. The warning noted that cybercriminals are “using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid.”
In October of 2020, the FBI, DHS, and the Cybersecurity and Infrastructure Security Agency issued a joint alert citing “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers”. Key findings claim that cybercriminals are targeting the Healthcare and Public Health Sector with Trickbot malware, leading to Ryuk ransomware attacks and ultimately data theft.
A study into existing internet-connected hospital devices found that 83% of medical imaging devices run on unsupported and outdated operating systems. If such devices aren’t regularly updated with the latest version of their operating system or are running an unsupported operating system, then hackers can exploit vulnerabilities to steal data, infiltrate a hospital network and disrupt care.
Why Healthcare is a Prime Target for Cyberattacks
Small hospitals and healthcare centers are prime ransomware attack targets, as hackers see an increased likelihood that these providers will pay the ransom demand, both because their services are critical and because they want to prevent disruption to patient care.
Researchers at the security firm Check Point said their survey showed health care was the industry most targeted by ransomware in the US in October of 2020, with a 71 percent jump in attacks on US providers that month.
IoT security is extremely important because any smart device can serve as an entry point for cybercriminals to access the network. Once hackers gain access through a device, they can move laterally throughout the network, accessing important confidential data or conducting malicious activity, such as stealing data, intellectual property, or sensitive information.
While medical devices enable next-generation care, they can simultaneously open the door to bad cybersecurity actors. This should be worrying for patients and providers and requires immediate action from a cybersecurity standpoint. As always, there are additional security steps that can be taken to stop medical hackers in their tracks.
Healthcare IT must have visibility into its entire inventory of devices and incorporate IoT and medical devices into its cybersecurity program. Implement solutions that help automate this work, provide 24/7 visibility into each device, and give you the ability to take control of any device at any time. Deploy technology such as Managed Detection and Response (MDR) that not only identifies a security problem but also solves it, from discovery and detection of lateral movement to risk assessment and prevention.
IoT Security for Private Users
For private users, it is important to treat IoT connected devices with the same level of security as you would a computer or smartphone.
- Stay up to date with all patching and OS updates required by the connected device.
- Use strong password practices for all connected devices.
- Enable multi-factor authentication whenever possible.
- Routinely take inventory of your connected devices and disable any items that are not used regularly.
The COVID-19 pandemic has not only tested patient care but revealed glaring cybersecurity holes across the industry – holes that hackers are increasingly attempting to exploit.
At the same time, connected medical devices bring impressive benefits in remote and personal care. As the number of devices increases throughout this decade, it is critical that organizations strengthen their network cybersecurity.
Teknologize is a Managed Service Provider with clients throughout the Pacific Northwest with offices located in the Tri-Cities, Washington 509.396.6640, Yakima, Washington 509.396.6640, and Bend, Oregon 541.848.6072. Questions about cybersecurity? Give us a call today!