Medical IoT Device Security Risks And Solutions

Medical IoT devices have great benefits to patient care, but can leave medical centers and hospitals wide open to cyber attack. Learn more.

Doctors uploading patient data through wireless devices. Many medical devices lack robust security and could serve as an entry point to a hospital's network.

The Internet of Things (IoT) for the healthcare sector was worth $60 billion in 2014, and is estimated to reach a net worth $136 billion by 2021. Today, a typical hospital utilizes hundreds of connected devices including implantables, wearables, monitors, workflow, imaging and patient data systems. These touchpoints offer several advantages for better patient care; however, many medical IoT devices lack robust security and could serve as an entry point to the hospital’s network. Another potential weak link are in-home telehealthcare devices, such as those to monitor a patient’s blood sugar or blood pressure. When the data is sent wirelessly to medical providers over the open Internet or an exposed WiFi connection, the hospital’s system is temporarily vulnerable to a cyberattack.

Benefits To Patient Care

The healthcare industry places a high priority on initiatives that save time, money and lives. For example, tracking technology offers a way to follow people and equipment in a hospital. Improved patient flow reduces waiting times and procedure delays. Better staff-to-patient ratios can be maintained from centralized command stations, and data may be analyzed retrospectively to improve processes. In general, patient data has never been more accessible. Today, everything from ventilator readings to nursing station data can be viewed from anywhere in the hospital. With readily available data physicians can make decisions faster, resulting in improved clinical outcomes and reduced costs. It’s no surprise then that IoT in the healthcare sector is booming, but the key issue to resolve is how to mitigate the risk to digital assets.

Simplicity Implies Risk

No matter how sophisticated the medical device, digital security is typically an afterthought. Medical IoT devices are designed foremost for usability, but with this simplicity of design most fail to support encryption. This means that anytime a medical IoT device is used to connect with a hospital network or healthcare database there is a risk of interception or infiltration. This could happen when ambulance drivers use mobile devices to relay patient data to the ER, when mobile health clinics (MHCs) transmit patient information to their database or when in-home telemedicine devices transmit data to healthcare providers.

It’s no secret that hospitals are a favorite target of ransomware attacks. This is in large part due to porous digital security and the ever growing number of unsecure connected devices. According to the World Privacy Forum, a medical record (name, address, social security number and health ID number) fetches $50 on the black market compared to a live credit card number which goes for only $3. Infiltrating a hospital network or healthcare database would provide criminals with access to thousands of personal medical records.

Mitigating The Risk

Incorporating security measures into the design of connected medical devices would likely be cost prohibitive, and to date the FDA has been hesitant to implement strict guidance in this area. Most IoT devices stream data and information with repeatable frequency. Securing IoT traffic from many devices and sensors can be overwhelming. A portable security tool, such as Goencrypted, is the optimal solution for detecting and preventing activity such as remote IoT configuration tampering.

With this protection, medical device data can be securely tunneled and monitored for threat analysis. From a web-based console, administrators can securely communicate with IoT devices deployed within a hospital, medical center or offsite in patient homes.

Requiring only 500 milliamps at 5 volts of power on boot and averaging 250 milliamps at 5 volts in normal use, Goencrypted is unmatched in performance per watt, a critical metric in IoT deployments. Plus, at a size of only 2” x 2”, the device portability simplifies deployment. Goencrypted is priced substantially lower than other next-generation firewall solutions, and is designed to accommodate highly scalable IoT environments with thousands of nodes such as those found in hospitals and large medical centers.

Learn more about how GETPAY LLC’s products and solutions help enterprises secure their data and prevent losses in reputation, trust and earnings.