Cybersecurity Implications of IoT Innovation with the Healthcare Industry

The Internet of Things has the potential to revolutionize the world, including healthcare. But doctors, hospitals and medical experts might want to pause before adopting this technology and evaluate the cybersecurity challenges.

The commitment for the Internet of Things (IoT) in the healthcare sector is staggering. Recently a study from MarketResearch.com predicted that by 2020, the IoT market in the healthcare sector will reach $117 billion, expanding at a rate of 15 percent per year.

IoT refers to the networking of sensors and other devices to enable machine-to-machine communication. Because it can create a global web of IP-addressable devices that are often not regularly monitored or managed, this can greatly expand an enterprise’s threat surface.

The IoT’s intelligence, accessibility and ability to scale are not only its strengths, but also its weaknesses. According to Accenture Technology, the IoT can increase production, boost innovation and reshape the current business landscape. But this might come at the cost of cybersecurity.

Benefits and challenges

Within healthcare, the lifesaving potential of this technology makes its rapid adoption virtually irresistible. Networked devices can monitor conditions and notify healthcare providers, patients and loved ones of changes. Problems can be identified and controlled remotely. Appointments and procedures can be scheduled automatically, and records kept up-to-date and accessible to those who need them.

Networked devices can monitor conditions and notify healthcare providers, patients and loved ones of changes

Philips, a company best known for light bulbs and personal hygiene, has created a healthcare subsidiary to create a new generation of medical sensors.

“Phillips recently created a pillbox that pops open when it’s time to take your meds, and sends a message to, say, a family member or nurse confirming that you’ve taken them.” –The Globe and Mail

The example of an IoT pillbox, as helpful as it is, is only the tip of the iceberg for how beneficial IoT in healthcare can get:

• Sensors like the ones used by neonatal units to monitor premature infants can be placed directly on the skin on home patients, along with high-definition cameras to monitor skin color, breathing and temperature, and alert nurses of any changes.
• Smart beds now being used at New York Presbyterian Hospital can tell immediately if a patient has gotten up, and let the nursing station know.
• Fitness trackers like the FitBit, Apple Watch, and others, which surpassed $2 billion in revenue, not only measure heart rate, sleep patterns, diet, and exercise but soon could be integrated with health care providers to track recovering or high risk patients.
• Fitness trackers can also integrate with insurers to provide discounts. “U.S. insurer John Hancock (a subsidiary of Manulife) is offering clients up to 15% off premiums if they willingly hand over data that proves they lead a healthy lifestyle.” –The Globe and Mail

A recent CIO.com article cited three factors in the upward trend of IoT devices in healthcare:

• Chances are you already have one. Consumer devices based on the IoT concept include the Apple Watch, fitness trackers and other commercially sold wearables.

• They are getting less expensive. Sensors, a key component of IoT, will cost an average of $0.38 in 2020 as compared to $0.50 today.

• They’re becoming standardized. The IPSO Alliance brings together companies such as Google, Cisco, Intel and Oracle to create standards and support “Smart Objects” technology.

Despite its widespread adoption in healthcare, this astronomical growth of unprotected devices and data could be a heart attack waiting to happen for the healthcare industry. Recent events such as the ransomware attacks against several prominent hospitals show that medical centers are high profile targets for hackers and online criminals.

Within healthcare, the lifesaving potential of this technology makes its rapid adoption virtually irresistible

The solution

Using the IoT safely in healthcare is not necessarily difficult. Good communication, appropriate protocols, mapping and isolating IoT devices and vulnerability management and analytics can help the healthcare industry protect patients and their networks.

Communication: Hospitals and healthcare providers must communicate with each other and their patients to ensure that risks are understood and mitigated. For example, a doctor or hospital will never call to ask for personal information to “access” or “fix” medical records or devices.

Island of IoT devices: Access to networked medical devices must be effectively controlled, and access by devices to other accounts and systems must be limited.

Keep your protocols and processes tight: Protocols and processes on networked equipment should not be enabled by default. Enabling only those that are necessary can help prevent intruders from gaining access to and control over your resources.

Know your metrics and where you’re vulnerable: IoT is about data and rapid interaction between devices, and something like the Tenable SecurityCenter Continuous View™ solution, which consolidates and evaluates vulnerability data across your organization, can prioritize security risks and provide a clear view of an organization’s security posture. It offers pre-built, highly customizable dashboards and reports which can help organizations visualize, measure and analyze the effectiveness of their security program regardless of their infrastructure.

The healthcare industry’s commitment for the Internet of Things (IoT) is staggering, but the cybersecurity implications don’t have to be. Learn more about how SecurityCenter Continuous View can help better protect your organization from cybercrime.