Securing Internet-Connected Devices in Healthcare

  • Published: Wednesday, Oct. 21, 2020

This week’s focus for National Cybersecurity Awareness Month (NCSAM) is Securing Internet-connected Devices in Healthcare.

When connected to the Internet, medical devices improve efficiencies and provide better tracking and diagnoses. This capability can allow for more accuracy and lower medical costs by eliminating frequent in-person medical visits.

The IoMT (Internet of Medical Things) continues to grow, but these new technologies come with inherent security risks. A tremendous amount of data is associated with connected medical devices, so there is a risk of breaches and cyber attacks. Cyber crooks can use this data to create fake IDs, file fraudulent insurance claims and sell personal information.

The clinical impact of IoMT risks directly involves the patient’s health. A denial-of-service (DoS) attack can shut down a person’s pacemaker or interrupt automated medicine dispensing. Such disruptions can result in death or adverse effects due to hijacked medical treatment.

Organizations need to be aware of the basic security measures needed to protect IoMT. Many healthcare data breaches have been due to social engineering and phishing attacks. Raising healthcare workers’ awareness so they can recognize these types of attacks can help fortify security controls within the institution. Adopt a zero-trust environment by implementing segmentation and risk-based identification.

Medical devices can be vulnerable to malicious inbound commands. Therefore, processes should be in place to ensure that the device’s software and firmware are kept up to date. The wearer’s home network should also be closely scrutinized and secured. A cybercriminal could perform a man-in-the-middle attack, take control of the device, and change or delete the data being transferred.

Resources:

Medical Device Security Best Practices

The 17 Requirements for Secure Connected Medical Devices