Why Is the Security Of Healthcare IoT needs To Be Taken Seriously?
Security incidents related to the Internet of Things (IoT) in the medical field will experience a sharp increase in 2019. This alarm has just been pulled by the American association HIMMS, working to improve healthcare, using technology.
The reason is simple: the number of connected objects literally explodes in the healthcare field, and cybercriminals see opportunities to earn a lot of money. Applications and connected objects increasingly present in the healthcare sector IoT technologies have been widely adopted and millions of connected devices will appear in key areas such as health and medical care.
A. Healthcare IoT
IoT accounted for more than 60% of healthcare sector innovation projects in 2018. With these new connected objects, hospitals and medical practices want to improve the experience patient and reduce manual tasks.
For example, a Los Angeles hospital has provided rooms with connected speakers to provide patients with a greater sense of independence. In France, the Eure-Seine Hospital Center has installed a robot in pediatric emergencies to welcome children, reduce their stress and build confidence. These two examples demonstrate the potential of medical devices and IoT handheld devices to help patients recover.
Health organizations, hackers’ target large-scale attacks such as WannaCry and NotPetya ransomware have already affected health organizations using outdated software, and it’s only a matter of time before another disastrous attack be revealed. WannaCry, for example, cost the UK National Health Service (NHS) about £ 100 million after closing hospitals and canceling 19,000 patient appointments.
As the number of health organizations deploying IoT solutions increases, security incidents due to the innumerable vulnerabilities of connected devices also increase. HIMMS explains in its study that nearly 76% of health facilities have experienced a cyberattack over the past year, including highly sophisticated attacks, APT (Advanced Persistent Threats) and attacks from the internal. Email is really the main tool used by attackers to carry out their hacks, since 30% of attacks targeting health organizations, were initiated by a phishing email or spear phishing. Among the major threats are, of course, data leaks (11.8%), ransomware (11.3%) and malware stealing credentials (11%).
B. Cyber Security For Medical Technology
Visible efforts but cybersecurity is not progressing fast enough, given the scale of the challenge Threats to medical devices such as pacemakers, unlike other connected objects, can have a dramatic impact. That’s why patient safety remains the number one priority in the healthcare cloud sector. Beyond financial losses or data theft, it is the health of the patient that is at stake. Although their efforts are visible and positive, the subject of safety is still not moving fast enough. Health care organizations must continue to work on the security of their IoT devices, including real threat management programs, by performing regular intrusion tests to fix infrastructure vulnerabilities. The goal is to supervise the IoT in a secure way. The HIMMS study explains that even if they want to integrate smart medical technology, only 6% – or less – of the total IT budget of health organizations, is dedicated to the protection of information and IoT assets.
It’s not enough. Healthcare organizations are considered “at-risk” in terms of cybersecurity and as part of the IoT, detection must be done carefully, and security vulnerabilities and vulnerabilities must be monitored. Cybersecurity is not advancing at the desired pace, it is also because the sector faces obstacles to preventing incidents: according to HIMMS, the reasons are the lack of qualified personnel in cybersecurity (52.4%) , the lack of financial resources (46.6%), a large number of application vulnerabilities (28.6%), too many endpoints – servers, workstations, PCs, etc. (27.5%) and the many new emerging threats (27%). Security issues related to connected devices should be a major concern for health administrators, as any malfunction could put patients at risk. Not only for patients using smart pacemakers or insulin pumps, but also for those whose medical records could be sold on the Internet (Darkweb) and manipulated for identity theft and fraud.
We expect healthcare attacks to become more sophisticated as hackers do everything in their power to get hold of personal information and compromise medical equipment. As we all understand in all sectors, we must organize the response, but this is even more urgent in the field of health!