Connected Medical Devices Expose IoT Security Loopholes

The market for connected medical devices is predicted to grow 20% yearly, according to Infoholic Research. Their mainstream adoption, however, exposes IoT security loopholes, and hackers are increasingly targeting health organizations and hospitals as a result.

Constantly connected wearable devices have proven to be vital to patients and healthcare providers alike. From smartwatches that provide heart rate and blood oxygen level information to personal hearing aids that can be calibrated remotely, these medical devices have taken a place in our lives for good.

The rushed shift to the cloud in mid-2020 brought about fragmented systems, information silos, and unencrypted devices. This means new challenges and more work for cybersecurity leaders. Data security and health industry security are proving to be the next line of defense.

Most cheap medical devices are prone to issues like poor security standards and limited or no encryption. By exploiting these flaws, attackers can tap into sensitive information like medical databases full of personal information including insurance records and financial data. In the worst-case scenario, attackers can turn medical devices on or off.

Bad actors can use stolen sensitive health information for blackmail and ransomware attacks.

One recent study of internet-connected hospital devices showed that over 80% of medical imaging devices run on outdated operating systems, which hackers can compromise to steal data or disrupt healthcare.

To remediate the situation, medical organizations can take additional security steps that can and should stop cybercriminals.

Medical facilities are advised to apply all updates properly and swiftly and ensure that only authorized administrators can make changes to devices.

Cybersecurity leaders must instruct patients on how to install and properly configure the device, as well as the home network, to ensure a secure connection for transmitting encrypted data.

In addition, strong authentication, which uses cryptographic keys to identify and authenticate peers instead of a username and password, is a must.

Besides all the above, new security standards for healthcare are needed from governments and regulatory bodies.

As connected medical devices enter remote and personal care in ever greater numbers, it is imperative for cybersecurity teams to adopt better device encryption and bolster IoT cybersecurity.


About the author

CIM Team

CyberIntelMag is the trusted authority in cybersecurity, comprised of leading industry experts for over 20 years, dedicated to serving cybersecurity professionals. Our goal is to provide a one-stop shop for knowledge and insight needed to navigate throughout today’s emerging cybersecurity landscape through in-depth coverage of breaking news, tutorials, product reviews, videos and industry influencers.