Priority #1 for IoT in Healthcare: You Better Lock It Down!

May 22, 2018 | Guest Blogger: Allan Pratt

No matter where you get your news, you’ve no doubt heard about incredible tech advances in healthcare. From accessing data on an app to receiving instructions from medical personnel on a smartwatch or smartphone, the Internet of Things, or IoT for short, is making a significant impact on the healthcare industry. But is the impact entirely positive?

Thanks to IoT in healthcare, patients, doctors and administrators can see a granular view of everything from a patient’s health to all facets of hospital administration. This results in improved efficiency, accuracy, and economic benefits. And in rural areas, where there are few doctors and even fewer specialists, this results in the need for less human intervention.

According to Scott Gnau, CTO of Hortonworks, “Consumer-facing IoT will have a remarkable impact on the way we live, work and communicate – with each other and devices. Imagine a diabetic with a blood glucose monitor that connects to their phone, that sends the information to their primary physician, that records that ping to an online portal to better manage levels and the impact on that individual’s healthcare experience.”

But with these improvements, there’s also risk. IoT’s risk affects both security and privacy. The increase in connected devices and the use of cloud resources have created a situation where hackers and cybercriminals have more attack vectors. You can bet that bad actors will attack cloud providers with the intent to take down multiple organizations at once, thus increasing the scale of attacks with little effort (a DDoS on a massive scale). Think of the scope of damage in a medical setting like a large hospital.

Experts estimate that the IoT will consist of 30 billion objects by 2020, and most will be Internet-facing, with the cloud used for data storage and data analytics. And from an enterprise’s perspective, to cut costs, some small-to-midsize hospitals may go to an XaaS (Everything as a Service) model, which will create an even larger number of attack vectors.

However, privacy, security, passwords, and encryption are understood in the healthcare industry thanks to two pieces of legislation: the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009, which strives to stimulate the adoption of electronic health records (EHR) and supporting technology, and the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which provides data privacy and security provisions for safeguarding medical information. Everyone in the healthcare industry is well aware that penalties and fines can occur if patient data is not protected.

On the black market, a stolen credit card number may be worth 25 cents, and a social security number may be worth 10 cents, but a medical health record could be worth hundreds or even thousands of dollars. Medical records contain ALL of an individual’s demographic data, including residential and professional addresses, names of family members, medical history, medical insurance history, and credit card information. This is the most comprehensive account of information about you, and as a result, it’s a treasure trove for cybercriminals.

Hospital IoT can be attacked through many vectors. There is the inside threat, which may be accidental or malicious. There is the malicious outsider, who may attack by jumping on an internal network using either social engineering or brute force. And there are websites, such as Shodan, which are a one-stop shop for anyone looking to find Internet-facing IoT devices.

The information available on Shodan can give bad actors access to passwords, usernames, and potential vulnerabilities of any Internet-facing devices it finds. And that’s not just IoT. This also includes industrial control systems, SCADA (supervisory control and data acquisition) systems, databases, and any other Internet-facing device. If something can be accessed through the Internet, hospital IT staff must lock it down.

The problem with IoT devices is that manufacturers don’t have the resources, whether money or personnel, to keep up with firmware and software updates. Some devices may be legacy and cannot be updated frequently as vulnerabilities are found. Unlike major software and hardware developers, most companies that manufacture IoT devices think about security as an afterthought, or not at all, or set generic default passwords.

So, the bottom line is that, today, not some random day in the future, it’s up to the IT department in each hospital to make sure strong passwords and encryption protocols are used for ALL devices and software that are on their networks and face the Internet.
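The checks this post asks hospital IT to make (what faces the Internet, what still has its default password, what runs without encryption, what cannot be updated) can be run over a device inventory, as in the following added example, which is not part of the original post. The inventory columns, device names, addresses, internal ranges and TLS floor are all assumptions constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample inventory: hypothetical devices, documentation-range addresses.
INVENTORY_CSV = """name,address,protocol,tls_version,password_changed,updatable
infusion-pump-07,10.20.4.17,https,1.2,yes,yes
glucose-gateway,203.0.113.10,http,,no,yes
imaging-archive,10.20.9.3,https,1.0,yes,no
nurse-station-cam,198.51.100.23,telnet,,no,no
"""

# Assumed internal ranges; any address outside them is treated as Internet-facing.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
CLEARTEXT = {"http", "telnet", "ftp"}  # protocols with no transport encryption
MIN_TLS = (1, 2)                       # assumed policy floor for this example

def audit_device(row):
    """Return the list of findings for one inventory row."""
    findings = []
    addr = ipaddress.ip_address(row["address"])
    if not any(addr in net for net in INTERNAL_NETS):
        findings.append("internet-facing")
    if row["password_changed"] != "yes":
        findings.append("default-password")
    if row["protocol"] in CLEARTEXT:
        findings.append("unencrypted-protocol")
    elif row["tls_version"]:
        version = tuple(int(p) for p in row["tls_version"].split("."))
        if version < MIN_TLS:
            findings.append("weak-tls")
    if row["updatable"] != "yes":
        findings.append("cannot-be-patched")
    return findings

def audit_inventory(csv_text):
    """Audit every device; Internet-facing devices with the most findings sort first."""
    report = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_device(row)
        if findings:
            report.append((row["name"], findings))
    report.sort(key=lambda r: ("internet-facing" not in r[1], -len(r[1])))
    return report

if __name__ == "__main__":
    for name, findings in audit_inventory(INVENTORY_CSV):
        print(f"{name}: {', '.join(findings)}")
```

Devices flagged as `cannot-be-patched` are the legacy case described above: the remaining options for them are network-side, such as removing Internet exposure.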

About the author

Guest Blogger: Allan Pratt

Allan Pratt, an information security strategist, uses his expertise in computers, cloud computing, networks, servers, security, and mobility to translate tough tech into everyday language. He is a frequent contributor to national tech blogs.
