We use cookies on this website, you can read about them here »

Accept cookies

News

Security of IoT in Healthcare

The ‘Internet of Things’ (IoT) refers to the activity of data collection and exchange between devices remotely.

Healthcare has a range of devices that operate in this way, some connected directly to the patient maintaining their health, some used for monitoring or diagnosis purposes and some used around the hospital, for example:

  • Pacemakers, life support and infusion pump machinery delivering medication
  • Patient monitoring equipment such as that used for checking blood pressure, heartrate, oxygen etc.
  • Imaging systems, i.e. X Ray, MRI etc.
  • Automatic updates to medical records, refrigeration sensors on blood fridges

These devices can improve operational efficiency through automation, improve effectiveness of diagnosis through better access to information and ultimately improve patient care.

However, they also pose a risk to information security and patient safety which needs to be managed carefully.

Malware is seeking a weak spot to break through and infect your network, once in the infection can spread and cause devices to fail.  This could have catastrophic effects considering the type of devices being used.

A lot of healthcare devices could be weak spots, they often have a lengthy product life so they may have been manufactured some time ago, and whilst perfectly functional, were not designed with the security scrutiny needed today.

These devices are varied, using different hardware, operating systems and applications meaning that most standard security approaches, such as endpoint agents and antivirus, will not work. The best approach to take is through stringent network security.

Some steps to mitigate the IoT risk include:

  • Know what ‘Things’ you have – make an inventory of your IoT devices, an automated method of tracking is ideal
  • Ensure all devices are onboarded in line with security and user protocols – restrict user privileges
  • Introduce complex password requirements or more stringent measures such as two-factor authentication
  • Undertake regular antivirus and patch checks and vulnerability assessments of your network
  • Segment your network and secure segments with individual firewalls
  • Restrict medical devices to specified network segments
  • Black/whitelisting – designate what IP addresses are allowed to communicate with devices and block connection attempts from unapproved users

Finally, take a proactive approach to the monitoring of your network to ensure that threat information is continually updated aiming to block malicious activity before devices can connect.

September 2017

 
Share this Site