NEW YORK – TECH – The Internet of Things (IoT) promises to revolutionize healthcare. Internet-connected devices monitor patients and processes in real time and send the data almost anywhere. That leads to improvements in speed, quality, and accuracy across the board.
The situation is not entirely positive, however. Since these devices are connected to online networks, they are subject to the same kind of cyber attacks as any other digital device. And since these devices are directly linked to patient health, the consequence of cyber attacks could be fatal.
This not hyperbole. This conclusion was confirmed by the Royal Academy of Engineering after the group completed a comprehensive study of IoT devices in healthcare. The group pointed directly to the WannaCry ransomware attacks of 2017. Those attacks targeted a number of hospitals and highlighted the fragile link between medical technology and patient care.
The Royal Academy of Engineering also notes that accidents are just as risky as attacks. Natural disaster, device malfunction, or disruption in networks could also cause IoT devices to fail. The takeaway from the study is that the threats facing IoT devices far exceed any preparations or protections that could be put in place.
Since the ubiquity of IoT devices is expected to explode in coming years the Royal Academy of Engineering recommends a new approach. Moving forward, all IoT devices must follow best practices for healthcare cybersecurity throughout the development process. Making devices resilient to attack and easier to restore is a commitment that governments, developers, and other stakeholders must all commit to.
The report from the Royal Academy of Engineering includes recommendations, not rules. Stakeholders are strongly encouraged to pursue IoT in a new way but they are not required to. Alarmingly, that means worst-case scenarios are likely to occur in the near future.
The number of insecure IoT devices already in use is large. Hackers have also shown a growing willingness to target healthcare settings and put actual lives at risk. IoT security is improving, but it can’t fix the weaknesses and vulnerabilities of the past.
Anyone in healthcare must accept that older IoT devices are an aspect of healthcare cybersecurity that is difficult or impossible to resolve. A large-scale breach or attack are both possible. But even if just one individual is affected, providers could be held liable.
There are initiatives in place in the US and around the world to improve healthcare cybersecurity. However, even after those improvements take effect the issues of the past will linger. There is only so much providers can do to prevent attacks on older IoT devices. That means the focus must be mitigating the damage, liability, and total financial impact.
With that imperative, it’s not surprising that stakeholders throughout healthcare are increasingly pursuing cyber insurance. Coverage against IoT attacks and a range of other threats targeting healthcare keeps financial liability from becoming crippling.
Healthcare cybersecurity is going to be an issue for decades to come and experience some high-profile failures along the way. Every stakeholdermust make protection a priority. But they must also prepare for when those protections inevitably fall short.
