The Internet of Things (IoT) is a powerful development with far-reaching consequences. The IoT is a network of devices that connect to the Internet and exchange data amongst themselves. In homes, thermostats learn from homeowners' habits. In factories, sensors measure employees' productivity. In healthcare, the advantages of IoT are well noted. Applications range from sensors in patient monitoring units to personal health data sent directly to insurers. Healthcare companies have flocked to IoT. In 2014, this market reached $24.6 million in revenue. From 2015 to 2020, it is predicted to grow at a compound annual growth rate of 37.6%. IoT applications are poised for a healthcare revolution. Yet, these benefits and profits can come at a price. Contributor Shayla Price reports on what makes connected healthcare devices vulnerable and how healthcare companies can protect themselves:
How IoT Devices Add to Healthcare Security Risks
A recent study showed that 70 percent of IoT devices contain serious vulnerabilities. These include, but are not limited to, issues like:
- Weak or non-existent access controls. Recent studies estimate 80 percent of online accounts don't require secure passwords. And most users create weak passwords. If your employees’ business accounts are hacked, this places healthcare records at risk.
- Non-existent encryption. Encryption scrambles data. Unauthorized users without the proper decryption key cannot read the information. However, some healthcare providers fail to install encryption on their systems.
- Inadequate software protection. Most enterprise applications are updated or patched infrequently. Therefore, devices become vulnerable to newly-developed viruses.
- No guidance for new technologies. Healthcare organizations have strict regulations regarding how electronic health records can be created, stored, accessed, and shared. However, the FDA only mandates guidance on some mobile devices, not mobile medical apps. Many organizations are left unaware of the challenges to ensure proper cybersecurity.
What Happens When Healthcare Devices are Compromised?
Security breaches negatively impact both hospitals and their patients. One California system, for example, lost the personal information of more than 30,000 patient records, leading to a total cash payment of $7.5 million to participating settlement class members.
Some implantable devices, like pacemakers and insulin pumps, can be reprogrammed remotely. This remote access opens the doors to safety and privacy risks. For example, former Vice President Dick Cheney ordered doctors to disable his pacemaker's wireless capabilities because he was concerned about hackers breaking into his device.
How to Safeguard Against Healthcare Security Threats
Healthcare organizations must take proactive steps to strengthen their defense against hackers. It's important to decrease the risk of thieves entering your systems. Authentication, which limits device access, is one way to safeguard against threats to critical infrastructure. Using multi-factor authentication, such as biometrics, protects your devices and data.
Encryption also improves device security in the healthcare environment. Use a secure virtual data room, for example, to store and share documents. And transfer patient information safely to remote backup servers. Moreover, educate employees about the risks and implement compliance standards for using devices. This safety measures will strengthen inadequate security controls.