For healthcare organizations, digital transformation has become fundamental to patient care, providing a more personalized patient experience and delivering more targeted, efficient care both at home and in care facilities. As part of this, connected digital devices have proliferated in healthcare environments, enabling everything from wireless telemetry for patient monitoring to radio-controlled pacemakers to intelligent lighting and heating. Most of these new IoMT (Internet of Medical Things) devices are wireless and operate over a variety of protocols such as Wi-Fi, cellular, and MedRadio. However, with this digital innovation comes the challenge of securing connected devices against a growing range of threats. And the stakes are high, with patient well-being and protected data on the line.
The Explosion of IoMT in Care Settings
According to a March 15, 2021 MarketWatch bulletin, the global IoMT market is anticipated to reach USD 142.45 billion by 2026, with a CAGR of 28.9%, due primarily to the increasing prevalence of chronic diseases. HDOs (healthcare delivery organizations) use these devices in an ever-expanding array of processes to improve patient care, give patients more autonomy, and control costs. For example, wireless biosensors can track MS and Parkinson’s patients’ movements to guide treatment. Smart pill sensors enter the stomach to measure core temperature and pH levels, check medication dosage, and then send data to tablets or smartphones. Surgeons use connected robotic devices to improve precision. Hospitals track inventory with wireless devices and use wireless ID wristbands and connected cameras to manage the flow of admission to specific areas.
Rising Cyber Threats to Healthcare Organizations
Major healthcare data attacks date back to 2008, and a 2017 survey found that more than one in four American consumers had been impacted by healthcare security breaches. In the past three years, more than 93 percent of healthcare organizations have experienced a data breach, and 57 percent have had more than five data breaches during the same period. Cyber-attacks on healthcare organizations increased during 2020. In September and October, hospitals in Oregon and New York were hit, and an attack on a 400-hospital system based in Michigan forced it to temporarily shut down its IT systems. A report cited in Medical Economics notes that, since November 2020, attacks on HDOs increased at more than twice the rate of global cyber-attacks across all industries. Equally concerning was the discovery in late October 2020 of a new virus named Katana, which has been exploiting IoT security vulnerabilities to make devices inoperable or deny access to their data by encrypting it. Cyber-threat operators now make Katana available on Dark Net websites and on websites such as YouTube, allowing less experienced players to create their own botnets to spread the virus.
IoMT Security Challenges
Wireless devices pose a unique set of security problems. They’re hard to inventory because they don’t operate on traditional wired-side healthcare networks, yet many are still connected to the network. Even if HDOs are aware of the devices, varying device protocols and operating systems make it difficult to know what vulnerabilities and threat levels exist for each. Additionally, these vulnerabilities can change over time with different software iterations and increasingly sophisticated cyber threats. A report in Security Magazine notes that one in five medical devices are well behind the security curve because they run on Windows 7 or older operating systems (XP, CE, ME, NT, 98, 97, or 95), and many expensive machines can’t be updated or patched without replacing them entirely. Exposures can come from unexpected sources such as vulnerable printers, servers, parking lot gates, and vending machines that share the same VLANs as critical medical devices, and even from Facebook and YouTube applications that have been found running on MRI and CT machines. Add to this the difficult task of coordinating multiple entities within HDOs and the reality that healthcare cybersecurity budgets typically lag behind those of other data-sensitive industries. If HDOs want to embrace advanced IoMT capabilities while keeping patients safe, protecting data, and avoiding disruptions, they will have to evolve their strategies and adopt new cybersecurity approaches to keep pace.