TechAdvisory.org

Technology Advice for Small Businesses

Healthcare IoT: Security risks involved

From mobile apps that assist with taking medicine on time to smart appliances that monitor vitals, the Internet of Things (IoT) is becoming ubiquitous in healthcare. However, IoT’s expansion brings new risks, vulnerabilities, and security challenges for healthcare practitioners and their patients.

Devices that contain a treasure trove of patient data are attractive targets for cybercriminals. Healthcare apps, for instance, contain plenty of sensitive information, such as social security numbers, prescriptions, and medical histories. Should hackers ever get a hold of this information, they’ll be able to steal their victim’s identity or resell the information on the dark web.

In certain cases, an attacker could have direct control over IoT equipment, causing potentially lethal results.

In August 2018, cardiovascular imaging device manufacturer Philips found that its devices could be exploited with a high-severity code execution flaw that could be sent over the Internet, and in an even more terrifying twist, McAfee researchers at the 2018 Defcon demonstrated that vital signs monitors could be remotely altered to simulate a flatline on a patient’s heartbeat.

Vulnerable medical devices are also gateways to a secured network. Hackers can use compromised IoT devices to sneak ransomware and other types of malware onto a network, causing service disruptions and preventing practitioners from providing responsive treatment.

There are several things you can do to defend against these attacks.

Use multi-factor authentication

Multi-factor authentication forces users to provide more information than just their username and password (e.g., SMS code, fingerprint, or retinal scan). By enabling this on your networks and devices, hackers will have a more difficult time accessing mission-critical data.

Encrypt your data

Another way to protect your business and your patients from a massive data breach is with encryption. Encoding electronic health records while they’re being transmitted or left in storage prevents hackers from reading and stealing sensitive information.

If possible, everything that is transmitted across your network should be encrypted automatically to secure the communication between IoT devices.

Install intrusion prevention systems

Since most IoT attacks are delivered via the internet, intrusion prevention systems are crucial to identify and block unauthorized connections to your network. This means hackers who try to remotely access or shut down your IoT equipment will be stopped before they damage your systems.

Security updates

Last but not least, IoT manufacturers occasionally release security patches for their gadgets. Get in the habit of downloading these updates as soon they’re rolled out, or allow your devices to automatically download and update themselves to ensure their safety from the latest threats.

When it comes to security, healthcare institutions have their work cut out for them. But whether you’re dealing with hardware security, data privacy, or regulatory compliance, it’s a good idea to partner with a managed services provider that specializes in helping the medical industry.

Call us today to see what we can do to protect you and your patients.