IoT Is the Future of HealthcareImagine a future in which hospital staff immediately know which beds and rooms are occupied and can move patients from arrival to treatment like a well-oiled machine. Imagine a future in which people who live in remote areas, away from hospitals and specialists, can still receive treatment through Internet-connected devices. Imagine a future in which doctors can track everything from a patient’s prescription schedule to their physical health, without needing to be physically present. We’re fast approaching that seemingly far-off vision of the future of healthcare. According to a report by Allied Market Research, the IoT healthcare market will hit $136.8 billion worldwide by 2021. Even today, there are approximately 3.7 million medical devices used by hospitals and physicians to monitor patient wellness. That’s not even the exciting part. All the examples we’ve provided above? They’re only the beginning. As more and more of the healthcare industry comes online, we’ll continue to see new innovations in patient care and greater improvements in patient outcomes. Sounds incredible, right? There’s just one catch: Cybersecurity threats.
Connected Medical Devices: Opportunities and ThreatsConnected medical devices represent a larger threat risk than anything the health industry has seen before. At the time of writing, no one seems quite sure what to do about it – and that’s an enormous problem. Connected medical devices represent a larger risk than anything the health industry has seen before. || #IoMT #IoT #Healthcare Click To Tweet
Hospitals and healthcare providers have long had a tenuous relationship with IT. Many IT departments in the health space are understaffed, underfunded, and overworked. Compounding this is the fact that many healthcare facilities utilize infrastructure that can best be described as slapdash—a combination of legacy systems, medical equipment, and physical documentation.
“IoT security is a headache, a mess, and several other flavors of annoying for any enterprise, but in healthcare, it can be literally life and death. Medical IoT poses additional security risks [over traditional IoT]. For one, connected records systems are attractive targets for identity thieves […] under certain circumstances, an attacker could exercise direct control over medical equipment, with potentially fatal consequences.”
— Jon Gold (Network World)
Healthcare IoT and Security: A Precarious UnionThe first step to addressing the underlying security threat of IoT, then, is to digitize, homogenize, and upgrade. To effectively use connected medical devices, hospitals must first fully digitize their record systems, while also moving away from older infrastructure that may be laden with security holes. Likely as not, this will involve hiring additional IT staff—and it must involve a HIPAA compliance officer to ensure everything is done to the highest standards. From there, hospitals that seek to incorporate connected medical devices both within their walls and without must understand that these devices are subject to HIPAA the same way a cell phone or laptop would be. That is to say, they must meet the following criteria:
- Encrypt all data, both in motion and at rest, which means they must always establish a secure connection, no matter where they are
- Remain visible and under the control of the hospital’s IT staff at all times
- Require two-factor authentication, with idle state protection and access limited exclusively to authorized parties
- Be subjected to regular security updates
- Be included in a hospital’s risk assessments
- Allow for remote data erasure
- Regularly scan for security issues such as malware, unauthorized access, etc.