Data security in the age of health care IoT technology

The emergence of the Internet of Things has complicated data security operations at organizations across myriad sectors. Information technology teams and third-party service providers must now devise advanced digital defense practices to address the ever-growing number of enterprise-grade IoT end points.

However, the stakes are highest for firms in the healthcare space, as they regularly deal with sensitive patient data protected under state and federal legislation, including the Health Insurance Portability and Accountability Act. Unfortunately, it is for this very reason that hackers target hospitals and other groups operating in the industry.

Nefarious parties executed more than 450 cyberattacks against healthcare organizations and made away with almost 16 million records last year alone, according to research from Verizon Wireless and the Identity Theft Resource Center.

This activity has intensified over the course of 2017, resulting in multiple, high-profile breaches. The U.K.'s National Health Service was the latest victim. The agency, which employs 1.6 million healthcare professionals worldwide, suffered a crippling strike in May that caused a massive system shutdown, The New York Times reported.

Administrators were forced to cancel non-critical appointments, divert emergency vehicles to clinics with connected medical equipment and dust off physical patient files and prescription pads. NHS IT security teams even advised employees to disconnect from Wi-Fi networks and power down mobile devices. Panic ensued at NHS outposts throughout Britain, as medical teams scrambled to work around compromised networks.

Later, data security specialists learned that the perpetrators had used a particularly potent form of ransomware called WannaCry, according to Wired. Once introduced to the NHS network, the vector went to work paralyzing computer and phone systems. When users attempted to log in, they were met with an on-screen message requesting a ransom of $300 worth of bitcoin.

More of these situations are bound to materialize as healthcare organizations continue to integrate connected devices into clinical workflows and embrace the digitization of medical records. Of course, healthcare organizations are fighting back, working with hardware and software vendors to develop secure systems that can withstand an onslaught of hackers searching for patient information or breaks in the network large enough to accommodate the latest malware.

Clinicians are using IoT devices to serve patients but these items also come with risks.

Medical device risk rises
Hospitals and clinics across the world have embraced connected medical devices in recent years, equipping administrators, clinicians and patients with the latest IoT technology in an effort to bolster service quality and ultimately achieve improved care outcomes. The market for these connected clinical fixtures is expected to grow considerably as a result. Analysts for the consulting and market research firm believe the segment will balloon 4.6 percent over the next five years to $343 billion.

Many of the healthcare entities investing in this technology are seeing results. Administrators can use tablets and other on-the-go devices to access patient data portals and collaborate with colleagues more seamlessly, Wired reported. Doctors and diagnosticians are using IoT fixtures for similar purposes, while also accessing customized connected testing tools approved for use in wards. On top of that, patients now leave appointments equipped with advanced IoT monitors that beam their vitals back to their physicians or connect with smartphone applications used in self-care regimens. These initial use cases constitute the tip of the iceberg, as technology firms continue to roll out mobile devices made for use in the healthcare arena.

As end points multiply, so do vulnerabilities. Data security experts have long held this fear, according to Wired. However, now that clinical IoT devices are a reality, the terror has intensified. Brands like Johnson and Johnson that create connected devices implanted with patients are particularly fearful. Last year, the consumer products giant warned diabetes patients using its automated insulin pump that hackers could infiltrate its base software and wreak physical havoc. St. Jude Children's Research Hospital in Memphis dealt with similar circumstances in February when it discovered that many of its wireless medical devices, including pacemakers and defibrillators, concealed major software vulnerabilities, Threat Post reported.

Theoretically, hackers could use these weaknesses in schemes like the one executed at the NHS earlier this year.

Addressing a dangerous situation
With these risks in play, healthcare organizations are quickly searching for effective digital deterrents. An estimated 76 percent of hospitals and care providers have increased their IT security budgets this year, according to research from Thames Security. However, hardware and software vendors must also take action, as the uneven digital defenses installed in IoT medical devices are often at the center of breaches, Wired reported.

Luckily, oversight bodies are attempting address the problem by establishing standardized design requirements for firms intending to deploy their devices in clinical operations. The Food and Drug Administration is leading this charge here in the U.S. but analysts say the burden lies with technology companies, as they must sacrifice budgetary expedience to truly protect patients from hackers thirsting for black market-ready medical data.

As the sector grapples with this issue, Perle continues to provide secure networking infrastructure made to withstand the modern cyberthreats. That is why major healthcare groups such as Arkansas Children's Hospital, GE Healthcare and Sanofi use Ethernet extenders, serial cards and serial device servers to facilitate safe and secure clinical operations. Connect with us today for more information about our products and work within the healthcare industry.