The growing deployment of connected health devices is speeding up cyberattacks, according to Capterras medical IoT survey of health IT professionals. The IoT device relays data about patients to a software app, where healthcare providers and patients can view it. A significant challenge for remote patient monitoring is to ensure that the highly private data these IoT devices gather is safe.
Also, the Cynerio and Ponemon Institute reviewed the ongoing effects of cyberattacks against healthcare facilities and Internet-connected IoT devices and medical devices, finding several troubling trends. Patients who wear an IoT device for collecting health data may contain questions about who has access to the data and how it’s used.
IoMT (Internet of Medical Things) has numerous weaknesses, yet it is possible to protect healthcare equipment from attacks without compromising patient confidentiality. A new study conducted by Medigate and CrowdStrike has highlighted the degree to which healthcare Internet of Things (IoT) devices are being targeted by threat actors and warned of a concerning state of IoT security within the healthcare sector.
The survey additionally found that 67% of attention to IT cyberattacks affect patient information and 48% affect patient care, suggesting that the growing industry’s security risks are having serious implications for patient privacy and outcomes. The Medical web of Things (IoT) helps build healthcare additional affordable, effective, and patient-centric.
However, connected devices that contain IoT sensors (e.g. glucose monitors, insulin pumps, defibrillators) typically have unsecured security vulnerabilities, which can put healthcare facilities or patients at risk. Healthcare practices connect over 70% of devices and are 24% more likely to be attacked by cyberattacks than alternative practices with 50% or fewer connected devices. Zach Capers, a senior security analyst for Capterra, commented: “As a healthcare organization adds more medical devices to their network, their attack surface increases.” Connected medical devices are typically not monitored for security vulnerabilities, and since they operate across a broad range of software and hardware platforms, they are hard to monitor using just one tool. This means many connected devices to medical equipment are left wide open to cyberattacks. Alarmingly, 57% did not always change their default usernames and passwords for every newly connected medical device they used. In addition, 82% are running connected medical devices on older Windows systems.
Organizations should patch devices or update the firmware as soon as security vulnerabilities are discovered. Unfortunately, 68% of healthcare organizations are not frequently updating their connected devices when patches are available. However, vulnerabilities and associated patches aren’t always well-publicized, implying that healthcare IoT device security personnel in the IT sector must be kept up to date on new security threats.
Healthcare facilities will advance in the coming years as IoMT technologies will improve, providing better patient outcomes, richer visitor experiences, and improved working conditions for professionals. Medical IoT security requires active, continuous monitoring. Healthcare facilities must perform regular vulnerability assessments before connecting medical devices to the IT network. They should also maintain up-to-date, accurate inventories of all connected devices associated with software and firmware and employ software to monitor those devices.