With so much news focused on the threat of cyber attacks on our computing devices, we neglect the often-forgotten plethora of Internet of Things (IoT) devices that permeate everything from our homes and cars to manufacturing operations and yes, hospitals.
In fact, the risk of medical IoT has many experts predicting what a recent article in Health Data Management called a “focal point of a perfect storm for compromising healthcare data security and placing patient safety at risk.” Why? Because the article goes on to state “…the vulnerability of devices to cyber attacks is well known, and hackers are becoming emboldened to find new ways to attack healthcare organizations.”
IoT devices present particular risk, especially in healthcare organizations, as they significantly expand your attack surface, yet are invisible to many security products. From infusion pumps and X-ray scanners to blood gas analyzers, medical imaging devices, medical lasers and life support equipment, there are an endless number of medical devices at risk. Consider the impact of a breach on the systems that regulate heart monitoring in today’s hospitals. The result could be catastrophic.
So, what’s being done? a recent Ponemon Institute study found that only 17 percent of medical device makers and 15 percent of healthcare organizations are taking significant steps to prevent attacks on medical devices. There has been FDA guidance to mitigate or reduce medical device security risks, but it’s been difficult to enforce. Typically, enforcement only follows some type of event and even so it doesn’t typically require an adequate level of due diligence.
It’s time for a more proactive approach to medical IoT device security, and simple steps can make a tremendous difference. Consider these recommendations:
- Know What’s Connected. By implementing a solution to help you see and know exactly what’s connected to your network, you’ll be better able to secure it. You can’t secure what you don’t know exists.
- Use Trusted Solutions. When adding new IoT devices to your infrastructure, be sure to select trusted solutions from known manufacturers that can validate the security of their products. Seek third party verification when possible.
- Keep Devices Current. Just as you would your desktop infrastructure, be sure to apply the most recent patches and updates for all your connected devices. The more out of date your IoT device software becomes, the greater risk you’re in.
- Consistently Monitor and Manage. Keeping a consistent eye on all your connected devices is the best way to ensure that you can take proactive measures when issues arise. Reliable processes to audit, detect and respond will help you ensure that you can remain one step ahead of any cyber threat that may attempt to penetrate your environment.
Veristor is an expert in endpoint and network security for healthcare organizations. Our experts can help you keep malware and ransomware at bay. Schedule a consultation today for an evaluation of your organization’s security risks.