5 Cybersecurity Measures for IoT Medical Devices

BY:

With the incidents of healthcare-industry cyberattacks and data breaches increasing, the issue of medical devices that are connected via the Internet of Things (IoT) will surely be coming more and more into the spotlight. The reason is clear: Those IoT medical devices are all interconnected on their own “Web,” and carry their own digital signatures, IP addresses, and, most distressingly, patient medical data that can be hacked, read, exploited and dumped by predatory cybercriminals. According to Forrester research analyst Chris Sherman and his May 2016 report on the growing crisis, Healthcare’s IoT Dilemma: Connected Medical Devices, “You have less control over connected medical devices than any other aspect of your technology environment. Many times, vendors control patch and update cycles, and vulnerabilities persist that require segmentation from your network. Considering that many of these devices are in direct contact with patients, this is a major cause for concern.”

IoT Medical Devices

Indeed, but here are 5 ways to protect medical devices on the Internet of Things from cyber breach or data exploit:

  1. Categorize potential cyberattack risk of existing devices. Once electronic medical devices are placed on wireless networks, they become part of an interlinked (and hackable) system. A website like Shodan, a.k.a. “The search engine for the Internet of Things,” catalogs devices on the IoT and exposes myriad searchable endpoints globally that lack proper security. Medical device security watchdogs should then use sites like Shodan to calculate the riskiness of having that heart monitor, CAT scanner or IV-drip on the IoT and step up their security accordingly.
  2. 2. Establish a clinical risk management framework. This one rightly follows on the heels of number one, as it is sequentially relevant and is based on language in the Sherman/Forrester report that calls for a risk-management “framework [that] focuses on how to manage and balance risks associated with safety, effectiveness and data/system security. It will help you determine the risk levels of your medical devices, mitigate and control that risk, and ultimately bring the risk exposure of your hospital network to acceptable levels.”
  3. Ensure your enterprise or organization follows strict security “hygiene”. The Forrester Research report states that the great majority of healthcare data breach cases in recent years were due to “social engineering and spear-phishing attacks”. This shows that there needs to be a deep awareness of corporate culture within vulnerable industries, and tighter controls on employee access and greater recognizance of the aforementioned cyber threats and attacks. Security control in healthcare needs to adopt “frequent, relevant, and engaging communication to ensure [their] workforce doesn’t miss security messages,” according to the report.
  4. Arrange security requirements in new device requests’ proposals and contract verbiage. It’s important to note that as potential customers, healthcare organizations DO have the power to get manufacturers of vulnerable devices to agree to special security requirements in proposals and contracts for IoT-connected device rollouts or upgrades.
  5. Implement a no-tolerance, zero-trust networking policy. This relies on the fact that you can’t control what’s coming at your data network from “out there,” but you sure can control how you respond from within your organization. Adopting ubiquitous security procedures rather than just perimeter measures; including risk-based, segmented devices, and enforcing zero-trust policies that vet-out any conceivably possible cybersecurity threat will help cement across-the-board security measures that protect healthcare data networks far better than mostly passive, perimeter controls.

The Forrester Report ends on this note: Although tech innovation in healthcare holds great promise to improve the “quality and speed with which patient care is delivered, the unfortunate reality is that security is all too often an afterthought in the design and development of these innovative new technologies. This is especially true for IP-enabled medical devices.”

Related Blogs

  • A teacher exercises and shares the benefits of AWS cloud computing for primary and secondary schools." alt="">
    AWS Cloud Computing for Primary and Secondary Schools

    Managing the flow and effectiveness of primary and secondary education systems can be relatively complex. Above all, it’s vital that they’re serving their intended purpose and helping students...

    Learn More
  • The image is a black chalkboard with a yellow target and arrow at the center over the top of intersecting lines indicating computer system complexity." alt="">
    AWS Cloud Computing for University Systems

    AWS cloud computing for universities & colleges At the beginning of the COVID pandemic, many colleges and universities discovered the advantages of accessibility, flexibility, and organizational...

    Learn More
  • A customer service agent utilizes four benefits of Amazon Connect customer profiles to provide a better experience to each customer." alt="">
    4 Big Benefits of Amazon Connect Customer Profiles

    Having access to the correct data when providing customer service is crucial. Without the help of the right technology, this wouldn’t be possible. It’s also inherently necessary due to the volume...

    Learn More