Cybersecurity risk management is a common obligation borne by all stakeholders, including producers of medical devices and hospitals.
FREMONT, CA: The Internet of Things (IoT) is growing at a breakneck pace. Although this expansion brings new capabilities and opportunities for corporate innovation, it also introduces new security concerns and challenges. No risk is greater than one of life or death, which is a primary worry regarding IoT in healthcare.
While the healthcare industry has been slower to adopt Internet of Things technologies than other sectors, the Internet of Medical Things (IoMT) is set to revolutionize how the healthcare sector keeps patients safe and healthy. IoMT refers to a networked system of medical devices and apps that collect and transmit data to healthcare information technology systems over online computer networks.
The Internet of Things (IoT) is at the heart of the digital healthcare ecosystem. This ecosystem comprises patients and medical personnel, medical devices (e.g., diagnostic and imaging), surgical robots, wearables, intelligent equipment, and an infinite number of wireless sensors that all share sensitive patient data.
Despite clear cybersecurity risks, it appears that the IoT is gaining traction. According to Gartner, the Internet of Things in healthcare is expected to rise by 29 percent in 2020. Allied Industry Research said the global IoT healthcare market would reach $136.8 billion in 2021. There are already 3.7 million medical devices attached to and monitoring various body regions to aid in healthcare decision-making.
Cybersecurity Challenges for the Internet of Things
Because most IoMT devices were not developed with security in mind, they are particularly vulnerable to compromise. According to one study, an average of 164 cyber threats are detected for every 1,000 linked host devices. Cybersecurity specialists discovered severe flaws in the technological design of some insulin pumps in 2019, forcing the FDA to issue a warning that hackers may compromise insulin pumps by connecting to them over Wi-Fi and altering the pump's settings to either under- or over-deliver insulin.
Connected medical equipment, ranging from Wi-Fi-enabled infusion pumps to innovative MRI scanners, expands the attack surface of devices that share information and raises security concerns, including privacy concerns and the possibility of violating privacy legislation. An exploited vulnerability that lets an attacker hijack a device or hold it for ransom could result in clinical risk and even in the death of a patient. Data corruption and loss, and the possibility of an attacker seizing control of a device, should be critical priorities for healthcare information technology teams.
According to the recent Vectra 2019 Spotlight Report on Healthcare, the proliferation of healthcare IoT devices, combined with a lack of network segmentation, insufficient access controls, and reliance on legacy systems, has increased the attack surface available to cybercriminals intent on stealing Personally Identifiable Information (PII) and Protected Health Information (PHI), as well as disrupting healthcare delivery processes.
Cybercriminals typically target Electronic Health Records (EHRs) due to their black-market value of hundreds, if not thousands, of dollars. 32 million healthcare records were compromised in the first half of 2019 alone due to several security issues. Additionally, criminals may install malware or ransomware on the hospital network, encrypting and disabling associated servers and systems, resulting in a complete interruption of healthcare provision. As a result, healthcare systems may continue to operate at a reduced capacity for several days.
IBM's 2019 Cost of Data Breach Report estimates that healthcare's average cost per breached record is $429. As a result, it's unsurprising that the actual cost of recovering from a ransomware attack for a large hospital is typically in the millions of dollars.
As the number of linked devices grows, people must find the most secure way to handle the data load. Protecting a patient's medical, insurance, and personal information must be a primary priority. Because threats and vulnerabilities cannot be eliminated, mitigating cybersecurity risks is complicated. The health care environment is complex, and manufacturers, hospitals, and other health care providers must collaborate to mitigate cybersecurity concerns.