
The dismal state of IoT security in health care


The healthcare industry is moving towards connectivity of medical equipment to accelerate data entry and recording and improve the accuracy of the data. At the same time, there has been a shift towards the integration of mainstream mobile devices, including wearable devices, so that health care providers can monitor patients' health more closely and improve treatment.

"The demand for connected devices has grown rapidly in recent years," noted Leon Lerman, CEO of

"The number of connected medical devices, currently estimated at around 10 billion, is expected to grow to 50 billion over the next 10 years," he told the E-Commerce Times.

Worldwide, consumer interest in smart wearables – those of Apple, Fitbit and various fashion brands – has increased, according to IDC.

Wearables sales in the first quarter exceeded 25 million units. During this period, smart wearables sales grew more than 28% from one year to the next, while basic wearables sales decreased by about 9%.

The smarter devices from major brands such as Apple and Fitbit incorporate more sensors and improved algorithms, and have access to underlying historical data, notes Jitesh Ubrani, senior research analyst for IDC mobile device trackers, making them useful for monitoring the health of users.


Laptop manufacturers have increasingly incorporated cellular connectivity into their products, which has led to the emergence of new use cases. About one-third of all wearables sold in the first quarter included cellular connectivity.

Apple has gone further in health care with the Apple Watch, which connects wirelessly with an iPhone.

has partnered with Google on a range of healthcare solutions for businesses and consumers.


In addition, medical device manufacturers are increasingly incorporating connectivity into their products.

However, connecting wearables to networks comes at the cost of increased security risks.

Threat landscape

"The number of IoTs and connected devices used in hospitals is continually increasing and diversifying in their nature, exposure to potential devices is great," noted Lerman of Cynerio.


Such devices range from MRIs to insulin pumps, and "the large number of devices in a single hospital also means that staff are often unaware of the threats, so violations may go unnoticed," he said.

Network-connected medical devices "promise an entirely new level of value for patients and physicians, but they also introduce new cybersecurity vulnerabilities that could affect clinical operations and put patients at risk," Kamaljit Behera, an analyst at Frost & Sullivan, told the E-Commerce Times.

Last year, 75% of health care organizations were victims of a cybersecurity incident, noted Frost & Sullivan health care industry analyst Siddharth Shah.

Attitudes towards cybersecurity have, however, been mixed. Seventy-one percent of health organizations surveyed by Frost have allocated a budget for cybersecurity, Shah told the E-Commerce Times.

However, according to company research, 53% of healthcare providers and 43% of medical device manufacturers "do not test their medical devices for safety, and few do anything at all about piracy."

"Some improvement" in cybersecurity is expected this year, said Shah. The health care industry "is gradually shifting from a reactive approach to a proactive approach, but there is still much to be done."


Hospital IT security budgets are relatively low, Lerman said. Thus, hospitals "have a relaxed security posture, with unsecured connected medical devices being the gold ticket for hackers."


Patient data is "evaluated at about 10 times the value of a standard credit card," he noted.

The attraction of wealth has stimulated the creativity of hackers, observed Sean Newman, director of product management at Corero Network Security.

"Proof of continuing cybercriminal investment and innovation … reinforces the need for organizations that need continuous internet availability to deploy the latest generation of real-time automatic DDoS protection solutions."

There are already cybersecurity frameworks in hospitals, Shah said.

In addition, the US government has worked to improve the situation: the US Food and Drug Administration released a medical device security action plan, for example. It also works with the United States Department of Homeland Security on issues of cybersecurity for medical devices.


Wearables are low risk

The risk associated with wearable technologies is low, "assuming that the health care entity segments the data flow of the remote personal care devices into a separate data repository and not their electronic health record," says Greg Caressi, Global Head of Transformational Health at Frost & Sullivan.

This is "the most likely architecture" to adopt for both analysis and security, he told the E-Commerce Times.

The growing consumerism trend in health care has given rise to a new debate, said Frost's Behera, on the need to make individuals owners of their data, with a single access control to promote interoperability.

"It's a great vision," said Behera, "but the biggest question is, how are individuals well-prepared, equipped and educated to protect access to their health data on their smartphones or their devices? Home Internet Networks?"

A possible healthcare security strategy

Each device maker implements its own security solutions, and the medical device industry "has a hard time taking what they've learned and applying it," noted Rod Schultz, Product Manager at
Rubicon Labs.


What's needed is a paradigm shift, he told TechNewsWorld.

Manufacturers of connected medical devices should not attempt to reinvent the cybersecurity wheel, Schultz added. Instead, they should all rely on mobile phones, which are "the cornerstone of the safety of a connected medical device".


Finding a way for mobile phones to do as much of the cybersecurity heavy lifting as possible "will work – but will require device manufacturers to concede and cooperate with Apple, Google, Microsoft and Amazon," he said.

"Standardization could possibly result," Schultz suggested, "but in the short and medium term, the search for a security halo by the largest mobile and cloud providers seems to be a sustainable security strategy."

Richard Adhikari has been a reporter at ECT News Network since 2008. His areas of focus are cybersecurity, mobile technologies, CRM, databases, software development, central and midrange computing, and application development. He has written and edited for many publications, including Information Week and Computerworld. He is the author of two books on client/server technology.