Why healthcare needs a new security strategy
The fourth industrial revolution is changing every facet of the world, including healthcare. As automation continues at full speed, the number of connected, intelligent products are exploding with healthcare providers increasingly relying on interconnected devices to aid patient care.
Hospitals often have challenges when balancing security and ease-of-access of connected devices. It’s imperative for them to act to secure connected devices, which are pervasive across the industry. With cybercriminals intent on disrupting everything from the electoral process to utilities, healthcare is an increasingly attractive target.
The rapid growth in smart devices and systems in healthcare is shining a spotlight on cybersecurity concerns. Because the risks associated with a security failure in healthcare IT can have a life or death impact, getting it right is the only option. Both device manufacturers and healthcare organizations are struggling to cope with the deluge of security vulnerabilities that come with connected medical devices. Research has identified that 82% of healthcare organizations have already experienced an IoT attack.
Security starts at the manufacturing level
Widespread security issues exist at the manufacturing level when it comes to medical IoT devices. For instance, many devices use the same built-in administrative passwords to permit access across multiple devices; passwords that can’t be changed by users or even the facility’s system administrator. Coupled with employee password reuse and sharing which is rampant within healthcare, this is magnifying security vulnerabilities. A staggering 74% of respondents admitted to sharing passwords, according to a study conducted by Healthcare Informatics Research.
Healthcare providers and manufacturers must work together to ensure that security best practices are incorporated before connected devices are activated. This includes the removal of default settings such as basic passwords and ensuring that passwords are both strong, unique and uncompromised. It’s also critical that the software is up to date before devices are activated and are updated on a regular basis for new patches.
While connected care is already delivering many benefits for patients, the consequences of continued IoT adoption in the sector could be life-threatening unless healthcare providers and device manufacturers rethink how they approach security. Imagine the scenario of a hacked device giving the wrong dose of medicine to critically ill patients or sensitive patient data being exposed.
It may take government regulation before either party finally starts to address the onslaught of security and privacy challenges that smart medical devices have given rise to. Maintaining the status quo when it comes to IoT security is not an option for the healthcare industry if it wants to mitigate risk.
All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.