In 2018 alone, there were more than 2,000 security breaches and 53,000 medical IoT security incidents discovered in 53 countries. What does the picture look like for 2019, and how confident are you that your health information is safe from exploitation? Statistically speaking, the healthcare industry is one of the most hacked of all sectors.
For one thing, medical databases contain tons of information, including insurance records and financial data, which are ripe for fraud, theft and sale on the black market. Sensitive health information is also fodder for blackmail and ransomware attacks, having been used to weaken opposition and undermine political campaigns.
Since medical professionals and facilities are making patient records and other data more widely available to patients and doctors through electronic medical records (EMR) and other storage and sharing tools, opportunities to infiltrate systems and cause mayhem are multiplied.
The problem isn’t localized to the U.S. Over the past few years, health systems and insurance providers have been targeted by hackers from North America to Singapore, affecting millions of patients and undermining their confidence.
Shrinking budgets and a lack of investment in advanced cybersecurity technology contribute to the problem. Alongside concerns about data breaches in general come rising fears about the security of IoT networks and networked devices.
The answer for many healthcare networks is to purchase and deploy mobile device and endpoint security. But are these measures enough to protect data and comply with regulations like the EU General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA)?
The Hidden Dangers of Healthcare Hacking
Internet of things (IoT) networks increase the cyber attack surface by multiplying the number of possible access points. These networks include devices that are vulnerable to attack due to a lack of knowledge of what makes them easy targets and a lack of effective security to combat these vulnerabilities.
In order to highlight the danger of healthcare hacking, we have to dig a little deeper into why electronic health records (EHR) are such attractive targets, how IoT networks increase the attraction of hacking these databases and how this rising threat affects providers and patients.
In general, unfettered access to medical information is necessary for diagnostics, medical collaboration and treatment. Newer platforms, such as cloud storage, IoT and containerization, which are designed to meet that need, also make these networks less secure. This is in part due to the belief that many security measures place too many barriers on patients and hinder provider access. Complicating matters is the use of IoT devices in treatment and monitoring.
An IoT device is defined as any digital device or network that’s interconnected through wireless systems and/or embedded technology that’s used to power them remotely.
Examples of the kinds of IoT devices that are used in medical care and treatment include:
* Wearable health monitors
* Location tracking devices that are used to monitor seniors and other vulnerable populations
* Life support and dialysis equipment
* Blood bank storage
* Automated medication dosage dispensers
Even though technologies like VxWorks are considered safe and effective for patients while providing real-time monitoring and feedback, they’re also a security risk. The most common safeguards are designed to protect endpoints and mobile networks, but they’re often ineffective at repelling external threats.
Operating systems used to power medical IoT often have flaws located in the network layer, which allows bugs and viruses to spread and penetrate other areas of the system. This presents several issues because the flaws stem from the usual way these networks are designed to operate, and this necessity of design compounds the potential for exploitation. Locating these systemic weaknesses is like hitting paydirt for hackers.
Although operating systems like VxWorks and its various versions are used to power and run security-critical tech in environments like nuclear power plants, those are not as vulnerable as the outward-facing systems that run medical IoT networks, which can be exploited and manipulated remotely.
Another challenge is that the patches and solutions crafted by technicians need to be custom-created; the devices also can’t be taken offline to install patches because they are often patient lifelines.
Tips for Protecting Patient Records in the Age of IoT
All but the wealthiest healthcare systems are relying on outdated operating systems and legacy platforms to power their technology and permit accessibility. However, increased awareness and the outcomes of widely publicized attacks have elevated concern and forced larger facilities to increase budgets for IT departments and hire more personnel. Another factor is the prohibitive and lengthy FDA approval process, which no one seems to be able to expedite.
Even if attacks don’t directly target life-sustaining equipment, crashing systems still puts lives at risk. One place you can look to for more secure Internet of Medical Things (IoMT) networks is your web hosting provider. Nearly all of the best web hosting services today include dedicated security solutions, such as enterprise firewall protection and dedicated virtual private networks with heightened security and advanced encryption standards.
Cisco has created Jasper, which integrates automated APIs to combine data integrity with enhanced security. It even places tighter security layers atop networked devices and data transmission. There are also specialty security standards being developed by companies like Gemalto and Entrust Datacard that deploy advanced encryption for data in transit and at rest. Greater demand and a booming industry will see further advances in creating more robust security for medical IoT.
Other best practices include:
* Creating a Security and Vulnerability Management (SVM) protocol for finding network loopholes and detecting breaches.
* Limiting connectivity to secure endpoints, including segmenting networks and devices to separate the most sensitive from common IoT like climate control.
* Monitoring email and other communications within medical facilities.
* Implementing Identification and Access Management (IAM) to control who can utilize networks or access certain portions.
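To make the segmentation practice above concrete, here is an added example (not from any vendor or product named in this article) that audits flow records against a default-deny policy between device zones. The device names, zones, ports and the "src dst port" log format are all constructed assumptions.

```python
from collections import namedtuple

# Constructed inventory (device -> zone); all names are hypothetical.
INVENTORY = {
    "dialysis-07": "clinical",
    "dispenser-03": "clinical",
    "nurse-station-2": "clinical-mgmt",
    "hvac-ctrl-1": "facility",
    "wearable-gw": "patient-iot",
    "ehr-db": "records",
}

# Default deny between zones: only these (src_zone, dst_zone, port) are allowed.
ALLOWED = {
    ("clinical-mgmt", "clinical", 443),
    ("clinical", "records", 443),
    ("patient-iot", "records", 443),
}
Flow = namedtuple("Flow", "src dst port")

def parse_flow(line):
    """Parse one 'src dst port' flow-log line (constructed format)."""
    src, dst, port = line.split()
    return Flow(src, dst, int(port))

def audit(lines):
    """Return (flow, reason) for each flow that breaks the segmentation policy."""
    findings = []
    for line in lines:
        flow = parse_flow(line)
        src_zone, dst_zone = INVENTORY.get(flow.src), INVENTORY.get(flow.dst)
        if src_zone is None or dst_zone is None:
            findings.append((flow, "unknown device"))  # not in the inventory
        elif src_zone != dst_zone and (src_zone, dst_zone, flow.port) not in ALLOWED:
            findings.append((flow, f"{src_zone} -> {dst_zone}:{flow.port} not allowed"))
    return findings

# Constructed flow records for the example.
SAMPLE = [
    "nurse-station-2 dialysis-07 443",
    "hvac-ctrl-1 dialysis-07 23",
    "dialysis-07 ehr-db 443",
    "cam-lobby ehr-db 445",
    "wearable-gw dispenser-03 443",
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE):
        print(flow.src, "->", flow.dst, reason)
```

The climate-control flow into the clinical zone and the uninventoried device are exactly what segmentation is meant to surface; in practice the inventory and flow records would come from the facility's own asset database and network telemetry.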
There are currently millions of American patients who are vulnerable to having their medical information breached. When you add unsecured IoT networks and devices to the list of possible access points, the risk is compounded.
The future of IoT and IoMT holds a lot of promise, and its potential is only just being explored. Knowledge is one of the best weapons in the fight against cyber crime. Our goal is to do our best to answer your questions about cybersecurity and try to provide remedies that work.