The Internet of Things is having a transformative impact in many sectors, and healthcare is no exception. From individual smart devices implanted in patients’ bodies, such as connected insulin pumps and heart rate monitors, through to devices aimed at monitoring health and wellbeing in the home, to connected equipment which enable the sharing of information in clinical settings, there are myriad variations of healthcare IoT. What they have in common is their ability to intelligent harness data, and use it to ultimately improve patient outcomes.
Yet that data is also some of the most sensitive around, ranging from individuals’ personal contact details and dates of birth, which can be used to enact a variety of fraudulent activities, to their medical records and treatment plans. Furthermore, the day-to-day operations of healthcare settings are truly mission-critical – disruption can immediately become a matter of life or death, which means healthcare settings are particularly vulnerable to coercive cyberattacks.
As such, healthcare organisations have long been targets of sophisticated cybercrime. Back in 2017,the WannaCry ransomware attacks hit NHS GPs and hospitals, underlining just how vulnerable the sector can be to evolving cybercrime. As healthcare IoT proliferates, so the sector encompasses an ever-greater volume of information and an ever-greater number of connected devices, making it a tempting target for cybercriminals.
A vulnerable sector?
A recent study by Irdeto Researchrevealed that ‘healthcare organisations lack necessary measures to counter cyberattacks’, with 42% of the respondents saying that IoT devices were the most prominent vulnerable aspect of their infrastructures. Meanwhile, almost all – 98% in total – of manufacturers of IoT devices acknowledged that the security of their products could be improved either to some extent or to ‘a great extent’.
Clearly the onus is on those manufacturers to make their products as secure as possible, bearing in mind the particular sensitivities and needs of the healthcare sector. But IT and procurement managers within healthcare settings can also take steps to shore up the security of their IoT ecosystems, and ensure their sector can benefit from this transformative technology without putting patients at risk.
Making healthcare IoT more secure
A significant part of the problem is that healthcare organisations are particularly prone to running out-of-date operation systems and applications, or using legacy devices – and this has to be a foundational step in harnessing the IoT securely.
From there, healthcare organisations should look towards the principle of comprehensive infrastructure and network visibility which underpins all cybersecurity. The IoT vastly increases the scale, complexity and dynamism of organisations’ networks, which means it is particularly important for managers to have a holistic overview of all the connected devices on the network and who has access to what. IoT devices need to be identified and monitored automatically – there is a vital role for artificial intelligence here.
Network segmentation is another key principle of IoT security for the healthcare sector, siloing key devices and datasets off from one another. In this way, if a malicious actor does manage to gain access to one part of the network, they will still struggle to travel laterally throughout the environment, accessing other sensitive datasets and causing huge amounts of damage.
Ultimately, the IoT has huge potential for the healthcare sector, helping clinicians to harness data more intelligently and responsively than ever before. But to be truly transformative, comprehensive cybersecurity needs to be borne in mind from the start.