If it’s connected to the internet, it can be hacked. The most recent and unprecedented DDoS attack on IoT devices brought the internet, and all its connected services and devices, to massive halt. It’s likely that more large scale attacks are on the way. Hospitals and healthcare facilities are a rich target for cyber breaches. Not only do these facilities contain large amounts of patient and employee data, they also contain thousands of devices that increasingly rely on cloud services to operate. A single breach can not only compromise an entire database of patient credit card numbers, it can also obtain access to common medical tools such as pumps, automated drip machines, and even connected surgical devices.
This shift in the pattern and magnitude of breaches and attacks will necessarily cause hospitals to rethink and reorient how they prioritize their IT spending.
1. IoT is Expanding in the Hospital Setting
IoT devices in the hospital are moving beyond basic uses such as climate control and automated temperature change. As data becomes easier to store and share, and cloud service deployments are favored over on-premise installations, IoT devices will permeate all areas of quality care delivery. While cloud and hybrid-cloud services usually come with built-in security features, IoT is a whole different story. As technology changes, so do the priorities and necessary knowledge base of in house IT personnel. Hospitals can start planning now on how to keep IoT infrastructure safe while also strategizing optimal deployments.
2. Healthcare IT Security Spending is on the Rise…Except for IoT
The risk of hackable IoT devices probably won’t come to prominence until there are more instances of related breaches. Healthcare IT security trends show a majority of new security dollars being spent on mobile devices, compliance, analytics and securing messaging networks. None of this spending, however, addresses the need to keep actual deployed devices secure. Many hospitals and other healthcare facilities assume that devices are covered under general IT security operations. There may be some protection, but dollars and resources need to be evenly distributed to face the separate challenges IoT devices bring to security operations.
3. IoT Devices Can Quickly be Hacked
It’s worth repeating again: if a device is connected to the internet, it can be hacked. Because the safety parameters surrounding IoT devices tends to take a backseat to other security concerns, sophisticated attackers can break into IoT devices in minutes. If IoT devices are part of a larger cloud deployment, they may enjoy the same safeguards as SaaS services. But that’s not guaranteed. The feasibility of hacking IoT devices is amplified when their systems deployment is part of a separate, dedicated system that needs its own layer of security monitoring.
4. You May Not Have Control Over all IoT Devices
Currently, 30% of IoT devices are supplied and monitored by external vendors. The vendors will typically provide virtual data center security as part of their service level agreement. While this scenario sometimes helps in the aggregation and analysis of IoT device data (not to mention increased savings), it can also put hospitals at risk of extreme downtime if the vendor is shut down from an attack. As the rise of IoT devices continues to integrate into the core of hospital IT infrastructure, healthcare organizations need to evaluate external vendor security on top of auditing their own measures.
5. Medical Devices Become Personal Wearables
Sensor driven IoT medical devices will soon find their way into patient wearables. The analytics that could be collected from sensors installed on surgical implants, external wearables (think smartwatches for patients), glucose monitors, and even pacemakers can revolutionize the way medicine is delivered. However, there is also added risk in that patients are now bringing connected devices home. If these devices are connected through in-home WiFi or other data networks, attackers may have easier access to maliciously controlling IoT medical devices. IT security and governance plans need to plan ahead for how to secure the trade off between the needs for analytics data and the necessity of patient safety.
The Altura IoT Edge
Altura can assist your hospital or healthcare facility with defining, designing, and deploying aggressive, best-practice security measures that reflect the modern risks of the healthcare environment. Our healthcare solutions quickly identify and isolate a breach, stopping any further damage that may occur.
Through our partnership with Avaya , we can secure your IoT devices by providing a dedicated preventative and reactive monitoring system for each connected device.
With Altura in your corner, you can focus on leveraging IoT as a business asset, not a business challenge.
Contact us today for a consultation.