A patient lies on his bed. A furrow of concern crosses his brow. He presses the call button and a nurse arrives. She checks his heart monitor, assures the patient that all is well, and leaves. An hour later, the patient goes into cardiac arrest. This could have been prevented if the heart monitor had shown the correct information – but it didn’t. As part of the Internet of Medical Things, the heart monitor malfunctioned due to an external cyberattack.
In general, the Internet of Things (IoT) concerns people because they worry about their personal data being breached and sold. The serious nature of identity theft, credit card fraud, and stolen funds cannot be minimized. But when it comes to the Internet of Medical Things (IoMT), the stakes are even higher: lives are literally on the line.
Today’s hospitals and healthcare systems are tremendously complex, with medical devices connected to networks that house patient data. The lure of this personally identifiable information (PII) makes healthcare organizations a major target for hackers, as seen in the recurring headlines of hospital breaches. But healthcare organizations must take into consideration the physical dangers, too. For example, if ransomware shuts down critical medical devices or inhibits the transmission of data to and from these devices, patients’ lives are endangered.
To counter sophisticated threats that involve the IoMT, healthcare organizations need to employ a three-fold plan:
- Get a Clear View of All Devices
Visibility is the first critical step. An estimated 10% to 20% of medical devices in hospitals are connected, and that number is growing rapidly. All connected devices need to be identified so that each one can be protected.
- Set – and Enforce – the Rules
Once visibility is established, security policies can be instituted based upon device categories. For example:
- Does the device require access to the data center? If data is being pushed to or pulled from the data center, the device is a prime target for hackers.
- Does the device sustain human life? Devices that play a critical role in sustaining life require strong security policies to protect patients.
- Is the device easy or hard to exploit? Unfortunately, many older devices are extremely easy to exploit. They may not even have password protection. Such devices need security policies – and, often, risk remediation – to counter their vulnerabilities.
- Who requires access to the data being collected? Policies may dictate that a medical technician can only access basic data from a certain device, whereas a doctor may be granted access to a patient’s information.
Policies should be set at the granular level and rigorously enforced with both the business and the patient in mind.
- Be Cryptic
Securing medical devices is not enough: data in transit must also be secured through strong encryption. For example, a VPN or SSL tunnel can be used to secure data on the wire as it travels to or from an IoMT client or server. Without encryption, data can be breached while it is in motion, with ramifications for both healthcare systems and patients.
It is not a scare tactic to say that lives are on the line with IoMT in healthcare. It is a simple statement of fact. But with visibility, security, and encryption in place, hospitals and healthcare organizations can protect the data, the health, and the lives of the patients who rely on them most.
Healthcare organizations worldwide are choosing Pulse Secure for their secure access solutions.