As medical service providers deal with the stress of a pandemic and growing prices, telehealth services are becoming more popular. However, the rush to implement remote healthcare has resulted in a plethora of wearable medical gadgets that capture sensitive data and are, according to experts, broadly exposed to cyberattacks.
Last year, Kaspersky Labs researchers discovered 33 vulnerabilities in MQTT, the most extensively used data transmission protocol for internet of things (IoT) medical devices, up from 10 in the previous year. The team cautioned that they all placed patient data in danger. To put such figures in context, Kaspersky experts claim that 90 MQTT flaws have been identified since 2014. Worse, they noted, many of those problems remain unpatched.
“Overall, we expected that 2021 would be a year of greater collaboration between the medical sector and IT security specialists,” the Kaspersky team said. “In some ways, our expectations were met, but the explosive growth of telehealth has brought new challenges to this collaboration which have yet to be solved.”
According to new research from Fortune Business Insights, the whole medical device industry (including healthcare wearables from FitBit, Apple, Samsung, and numerous other gadget-makers) will reach $195 billion by 2027, after seeing exponential growth since the commencement of the epidemic.
MQTT’s ease of use makes it a popular choice for most IoT devices, including medical devices. However, as the Kaspersky researchers point out, MQTT devices are vulnerable to man-in-the-middle attacks and data theft because authentication isn’t necessary, and encryption is minimal.
Aside from the device, Kaspersky discovered issues in Qualcomm Snapdragon Wearable, the most popular wearable device platform. According to researchers, the platform is rife with problems, increasing the total number of vulnerabilities discovered to 400 since its inception in 2020 — many of which are still unpatched. This creates a massive, susceptible attack surface in the healthcare industry, where attacks are becoming more regular, bold, and damaging.
The primary security considerations of using strong passwords and having adequate user security training were advocated by Kaspersky, but he emphasized that application developers need to do more.