Cerberus Sentinel Managing Director. Alpine Security Founder. Bestselling Author of “The Smartest Person in the Room.” 24x Ironman Athlete.


Today, hospitals and healthcare organizations worldwide are increasingly adopting internet-enabled medical equipment and devices to help improve patient care.

These technologies, collectively termed the Internet of Medical Things (IoMT), offer doctors significant benefits by diagnosing ailments faster, alerting care teams when patients fall or hurt themselves and introducing cost savings for hospitals and patients.

Today, the introduction of IoMT has opened doors in wearable technology, such as wound dressings that deliver painkillers to patients as and when required. It has also helped develop ingestible sensors that track whether patients are taking their medication according to doctor’s orders, and glucose-monitoring contact lenses, which can monitor a diabetic patient’s blood sugar levels through their eyes.

These technologies play a critical role in revolutionizing healthcare and making it faster and more accessible for patients. However, as with any internet connectivity, one main drawback to IoMT is that it potentially makes critical hospital equipment and people vulnerable to cyberattacks and hacking.

According to Cisco, today’s average hospital room possesses 15 to 20 connected devices. When these devices are not appropriately secured, attackers have as many as 20 different digital gateways into these medical environments.

Once attackers have gained access, they can disrupt critical healthcare functions and impact patient safety. For instance, the attackers could, in theory, access infusion pumps and change the levels of medicines being administered to patients, turn off machines that inform care teams when patients need attention or even hack into wearable wound dressings and alter the level of pain relief medication being delivered to patients.

Each of these scenarios highlights that when it comes to attacks on IoMT, the consequences are far greater than just the loss of data; in these instances, people’s lives are put at risk.

As a result, cybersecurity must be a priority for all healthcare organizations. So, what are the best ways for them to realize the benefits of IoMT without compromising patient safety?

The good news is that when it comes to securing IoMT, most organizations can improve their cybersecurity defense through segmentation, good security hygiene practices and user education.


Firstly, the most significant attack risk to IoMT comes from attackers pivoting from IT networks to IoMT networks. When attackers get this far, the world is their oyster. They can take devices hostage or physically target patients. Therefore, the focus needs to be on preventing these lateral movement attacks through robust network segmentation. Hospitals should treat patients and IoMT as their crown jewels and do everything to minimize connections to them.

The best mitigation comes down to segmentation, where IT and IoMT are kept completely isolated.

Security Hygiene Practices

Healthcare organizations must also treat all connected devices as potential gateways for cyberattacks and then take steps to secure them.

They need to keep all devices up to date with the latest vulnerability patches and firmware and apply security protection to prevent them from being targeted with malware. In addition, healthcare organizations should ensure they have visibility across their entire network, spanning both IT and IoMT, as this will help them detect malicious activity quickly before it reaches patients and critical medical devices.
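The segmentation and visibility points above can be checked together by auditing flow records for traffic that crosses the IoMT boundary. The following is an added example, not code from the article: the subnets, flow records and function names are constructed for illustration, and it assumes a policy in which any flow between IoMT and a non-IoMT address is a violation.

```python
import ipaddress

# Constructed address plan (assumption): the article names no subnets.
SEGMENTS = {
    "IT": [ipaddress.ip_network("10.10.0.0/16")],
    "IoMT": [ipaddress.ip_network("10.50.0.0/16")],
}

# Constructed flow records: (timestamp, src_ip, dst_ip, dst_port)
SAMPLE_FLOWS = [
    ("2024-01-01T08:00:01Z", "10.10.4.21", "10.10.0.5", 443),    # IT -> IT
    ("2024-01-01T08:00:07Z", "10.50.1.12", "10.50.0.2", 2575),   # IoMT -> IoMT
    ("2024-01-01T08:01:15Z", "10.10.4.21", "10.50.1.12", 23),    # IT -> IoMT
    ("2024-01-01T08:02:40Z", "10.50.1.30", "10.10.0.5", 445),    # IoMT -> IT
    ("2024-01-01T08:03:02Z", "10.50.1.30", "203.0.113.9", 443),  # IoMT -> outside
    ("2024-01-01T08:03:30Z", "not-an-ip", "10.50.1.12", 80),     # malformed record
]

def segment_of(ip_text):
    """Return the segment name, 'EXTERNAL' if unmapped, or None if unparsable."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return None
    for name, nets in SEGMENTS.items():
        if any(ip in net for net in nets):
            return name
    return "EXTERNAL"

def audit_flows(flows):
    """Return (violations, rejected): boundary-crossing flows and unparsable records."""
    violations, rejected = [], []
    for ts, src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s is None or d is None:
            # Never drop bad records silently: they are a visibility gap.
            rejected.append((ts, src, dst, port))
        elif "IoMT" in (s, d) and s != d:
            # Assumed policy: IoMT is fully isolated, so any crossing is flagged.
            violations.append({"time": ts, "src": src, "dst": dst,
                               "port": port, "path": f"{s}->{d}"})
    return violations, rejected

if __name__ == "__main__":
    found, bad = audit_flows(SAMPLE_FLOWS)
    for v in found:
        print(f"{v['time']} {v['path']:15} {v['src']} -> {v['dst']}:{v['port']}")
    print(f"{len(bad)} record(s) could not be parsed and need manual review")
```

In practice the flow tuples would come from whatever flow or firewall logging the network already produces, and the segment map from the hospital's own address plan.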

User Education

Healthcare organizations must also teach staff about the risks connected medical equipment can pose to patients and hospitals. Educate them on the dangers of phishing emails and malicious links, and always encourage staff to report anything suspicious to security teams. Having a workforce that is well educated on security risks means organizations can rely on them as the first line of defense to stop threats from entering networks.


Hospitals and healthcare providers are seeing essential advantages from the introduction of IoMT. Still, if security is not considered in tandem with this medical digitalization, the risks will significantly outweigh the benefits.

Practicing good security hygiene, implementing network segmentation and educating employees are the core elements that will harden healthcare providers’ connected environments, allowing them to reap the benefits of IoMT securely without putting patients at risk.
