By 2020, some estimate that the Internet of Things market will surpass $115 billion.
IoT consists of many different technologies, from smart devices, wearables, implants and skin sensors to home monitoring devices and mobile health applications, in addition to the underlying infrastructure for these tools. For patients, IoT allows real-time monitoring both in and out of the hospital. It also enables data collection, which can be analyzed to reveal patterns, allowing doctors to adjust their treatment plans.
Despite the benefits, increased reliance on IoT devices introduces a larger cybersecurity threat landscape, which means a higher probability for theft of protected health information or a ransomware strike that can compromise patient safety. As adoption of IoT technologies continues to grow, organizations must prioritize tighter, more robust security measures.
In IoT Upgrades, Ensure IT Department Involvement
When healthcare providers adopt new devices, they don’t always involve IT. That is problematic for several reasons. For instance, security is not always a high priority for device makers, so when untested or unknown devices connect to a network, users can unintentionally create backdoors for malicious behavior. Awareness is key for IT to remediate any potential issues.
What’s more, healthcare IT staff should have common controls for any devices connected to an organization’s networks to ensure proper implementation of passwords, encryption and the latest security patches.
Introduction of new IoT devices must be an exercise in teamwork.
Forward-Looking Legislation Protects Medical Devices
Legislation proposed in July aims to provide greater cybersecurity protections for medical devices.
Sen. Richard Blumenthal introduced the Medical Device Cybersecurity Act of 2017 (S. 1656), saying that medical device security is in critical condition.
“My bill will strengthen the entire health care network against the ubiquitous threat of cyberattacks,” Blumenthal says in a statement. “Without this legislation, insecure and easily-exploitable medical devices will continue to put Americans’ health and confidential personal information at risk.”
The bill looks to create a security report card for devices that mandates testing prior to a sale. In addition, it aims to ensure that cybersecurity updates for such devices remain free and do not require recertification by the U.S. Food and Drug Administration.
Still, even if it becomes law, legislation alone can’t ensure the protection of such IoT tools. With hackers increasingly viewing the healthcare industry as a lucrative target, provider organizations must approach cyberhygiene with just as much consideration as care delivery. Patient safety is on the line.