Targeting the vulnerable: Cyberattacks on healthcare IoT devices

healthcare-IoT

Connected devices are revolutionizing healthcare, allowing providers to examine patients remotely, to gather vital-sign data through wearables in real time, and to advance medical research by collectively generating massive data sets.

Unfortunately, the healthcare industry’s embrace of the Internet of Things (IoT) has made it a main target of cybercriminals. In a recent global survey by software vendor Irdeto, 82% of healthcare organizations said the IoT-enabled devices they use or make were attacked over the past year. That’s the highest of the four industries represented in the survey of enterprise security leaders (the other industries were transportation, manufacturing, and IT).

I’m just a healthcare layman, but even I can see where this is going.

“Of the [healthcare] organizations hit by an attack,” Irdeto reports, “30% report experiencing compromised end-user safety.”

With the possible exception of moving passenger vehicles, I can’t think of a worse target from a public safety standpoint than connected medical devices. Irdeto calls the situation “alarming,” and that’s an understatement. The sad truth is that if a device is connected, someone eventually will try to hack it. (That’s why cybersecurity always will be a viable career choice!)

Not only can cyberattacks on healthcare IoT devices threaten patient safety, they can hit provider organizations in the bottom line. The financial impact of an IoT-focused cyberattack in the healthcare space is more than $340,000 on average, the survey results show. These costs can come in the form of stolen patient data, intellectual property theft, downtime, and damage to the organization’s brand or reputation.

Even if a cyberattack doesn’t specifically target an IoT device, it can threaten patient safety by knocking out the network, locking down data (as in a ransomware attack), and altering patient medical and prescription data.

There’s plenty of advice out there for healthcare providers that want to secure IoT devices connected to their networks. Thaier Hayajneh, founder and director of Fordham Center for Cybersecurity at Fordham University, offers some best practices for securing healthcare IoT devices in Section 9 of this paper, Security and Privacy Issues with IoT in Healthcare. They are:

  • Ensure security features are built into the IoT device
  • Strictly adhere to authentication rules
  • Verify firmware sent to devices
  • Limit device access
  • Monitor device-to-device communication
  • Employ layered security, not just perimeter
  • Pretest device security before deployment
  • Monitor device security through lifecycle
  • Establish “culture of security” to raise awareness
The bottom line, though, is that more connected devices means more targets, which means more attacks. Healthcare providers have a responsibility to be ready.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: