In the past, our blood pressure monitors and incubators were stand-alone devices. They required people to approach the device, look at the readings, document the data points, and make a report. Today, these devices (and many others) are connected to networks and the internet, which not only creates more efficient processes, but also improves data accuracy. This leads to systems with the ability to correlate data across devices and history to provide more insight and improve care. The Internet of Things (IoT) continues to help healthcare providers treat patients.
Using the IoT, healthcare providers can deliver and monitor care beyond the services provided in a hospital or other healthcare facility. Connected care allows doctors or caregivers to monitor their patients from anywhere. This frees up space in healthcare establishments and allows healthcare professionals to continue to focus on their “face-to-face” missions while still being able to monitor their patients’ health and serious risks.
Although this technology has advantages, it raises concerns, particularly because of the interconnectivity it involves. The interconnectivity of devices drives requirements for data protection, privacy, and the need to secure connectivity while monitoring risks and vulnerabilities. Healthcare security breaches are a digital pandemic that can quickly escalate if left unchecked. Here are three important tips for keeping these devices safe.
Tip 1: Secure the cloud and data
Many of these medical technologies transfer data from devices to the cloud and cloud-based applications. While using or building your own cloud-based services has many security benefits, it doesn’t solve everything. You are still responsible for many aspects of security, even in these shared services models.
You need to know who is responsible for which elements of security. It is highly likely that workload and data protection will remain your responsibility. However, what about compliance with health and privacy regulations? Leverage your company policies to secure infrastructure and data as if you are hosting the solutions yourself. You will also need to ensure that these requirements extend to partners and service providers.
Tip 2: Protect devices
Successfully closing the cybersecurity gap requires a multifaceted device security strategy, starting with improving endpoint persistence and progressing to geofencing. We recommend that healthcare organizations define their unique approach to endpoint security by first using a security platform rather than best-of-breed products and tools.
Tip 3: Minimize third-party risk
Third-party risk is a major problem in today’s landscape. During the past year, many healthcare establishments across France and around the world have experienced a security breach via a third party. Organizations spend a lot of time and money protecting the systems, applications, and technologies they control, and often assume their partners do the same.
This approach means that an attacker’s path of least resistance is through a third party. The attackers will break into the third party’s system and then into your system. A recent example took place in Australia, where thousands of patients who used a home hospital service in South Australia had their personal information compromised when one of the largest insurance providers was hacked through an unsuspecting third party.
Many healthcare organizations work with thousands (or more) of these third parties. It is essential that you have a program in place to assess and manage the risks associated with this collaboration. Managing these risks requires programs that assess your partners’ people, processes, and technology. You should define security requirements for existing third-party systems as well as any new systems. These requirements should be continuously updated. They need to stay current with compliance requirements, security technology enhancements, and the threat landscape. This is not an easy task.
Why do criminals care? It’s simple: everything is connected
Although IoT devices do not connect directly to patient records, criminals still use this access point to jump to more critical systems in your environment, whether it is a patient billing system or a medical records system. Attackers can then gain additional intelligence about how these systems work together, which helps them craft an even larger and more dangerous breach.
There is a potential risk to human life. We predict that we will soon see the “weaponization” of IoT devices. One can imagine the implications. Even without the threat of physical harm, the value of health data is vastly greater than that of other data. Health records are used for identity theft, extortion, or worse.
It is important to understand that the absence of direct access to documents does not mean that a system (or data) has no value. This is an essential point to be aware of, whatever the solution. Users often think a piece of information has no value because they don’t consider how hackers are going to put things together, like puzzle pieces, to achieve their larger goal.