The healthcare paradigm underwent some seismic shifts when the HITECH Act forced electronic medical records on the healthcare industry. With the embrace of digital technology, healthcare has experienced a great disruption in how we track patient care.

The latest IoT (Internet of Things) devices are the second wave in our technological transformation. These Wi-Fi connected medical devices are the latest trend in patient care. These instruments feature remote sensors that capture and load data into the cloud. They’re beginning to have an incredibly positive impact on how we care for patients post-surgically, how we encourage treatment compliance related to population health initiatives, or even how patients can access care.

But these networked appliances create new security vulnerabilities that our IT teams must focus on. Let’s take a look at the innovation and how to stay safe within IoT applications in healthcare.

Where is the IoT? Everywhere

From population health initiatives seeking ways to incorporate data from fitness devices into treatment modalities for overweight patients, to telemedicine initiatives, patient care is now as mobile and cloud-driven as we are. Our patients demand it and healthcare is responding.

Here are some examples of healthcare IoT devices:

• Memorial Sloan Kettering is using activity trackers to document what patients are engaging in before treatment of myeloma.
• Start-up Propeller Health’s connected inhaler monitors treatment compliance for COPD patients.
• Roche has a Bluetooth-linked coagulation meter that lets patients monitor their risk of stroke or bleeding.

But with all this innovation comes data security risks. It’s not surprising that increasing numbers of healthcare agencies are partnering with managed service providers (MSPs). An MSP can manage and assume the responsibility for defined services, including cost-effective cyber security strategies.

From phone apps that capture patient data through unprotected personal devices to implantable cardiac monitors that have some code vulnerabilities, we’ve entered a new era of cybersecurity risk. Here are some of the issues  we’ve seen so far:

• In January 2017, Homeland Security issued a safety warning identifying security issues within St. Jude Medical Center’s implantable cardiac devices with home transmitters. They warned that hackers could remotely take control of an implanted pacemaker or defibrillator. St. Jude responded with a software upgrade. Problem solved!
• Johnson & Johnson warned patients last year about cyber security vulnerabilities within their insulin pumps. Newer equipment models have also addressed the cyber security issues.
• We’ve written before about the October 2016 DDoS attack on Dyn. This attack occurred because hackers were able to enslave 100,000 IoT devices and target them at Dyn, who is one of the core infrastructure providers for the Internet itself.

The truth is that these incidents are just getting started. Keep in mind this is a new industry and like a lot of start-ups, whoever makes it first to market, wins. Unfortunately, in the IoT first to market doesn’t necessarily correlate with security. Many IoT devices lack the ability to change password defaults and are not encrypted. Manufacturers have begun responding by encrypting devices and the government is working to ensure these devices are adequately secured.

However, another issue falls under the umbrella of human error. For example, many hospitals still operate legacy technology. The latest ransomware attack that took down Britain’s National Health Service was primarily because they were using an outdated operating system that they had failed to upgrade. Microsoft worked hard to patch these vulnerabilities, but it illustrates the importance of human beings and their impact on the cyber security chain.

Implanted Wireless devices have obvious benefits, allowing physicians to tweak the device without forcing the patient through another invasive procedure. According to Wired, most hospitals now average 10 to 15 connected devices per bed. But the big trick now is how to keep them safe.

Get a free assessment of your risk of IoT security breach.

The FDA teamed up the National Institute of Standards and Technology and in 2014 issued their Framework for Improving Critical Infrastructure Cybersecurity. It was a good start, and we hear an update is coming.

But in the meantime, how will healthcare technologists stay abreast of the latest vulnerabilities exploited by hackers? We believe the answer lies in outsourcing security to a managed service provider.

Managed Service Providers – Your Partner in Data Security

The challenge for healthcare IT teams is to assess your network for vulnerabilities, and then develop a cohesive plan for securing it. That’s where Managed Service Providers can provide valuable assistance to a healthcare technology team already stretched by requests, rollouts, burgeoning data infrastructures, and an ever-widening gyre of technological change management.

Managed service providers can constantly monitor your network for breach by performing vulnerability scanning and penetration testing of applications and the network. In an era of IoT ecosystems, it’s clear that having a dedicated team devoted to network security and recovery shouldn’t be on your wish list any longer.

Get a free assessment of your network security by calling us today.