You can be on Entrepreneur’s cover!

IoT Connected Healthcare Devices: Challenges In Cybersecurity And The Way Forward IoT devices are dominating the healthcare industry today. From patient monitoring to anesthesia to radiology devices, they form the wheels driving the medical sector. But, is human error the sole factor behind hard-coded credentials, lack of authentication, and other vulnerabilities, or is it because of wrong or lazy decisions?

By Remesh Ramachandran

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

remeshr.com

Cyberattacks can have a catastrophic effect on patient safety, which trickles down to the medical staff's responsiveness. Health emergencies such as heart attacks are the win and lose situations where minutes decide whether a person will live or die. Hence, it becomes crucial to understand and mitigate the worst-case scenarios in case of such attacks.

What are the most critical endpoints when it comes to hospital cybersecurity?

Healthcare organizations are the new focus of attackers for carrying out Internet-of-Things (IoT)-focused cyberattacks. The most critical endpoints from the hospital security viewpoint are patient monitoring, ventilation, anesthesia, infusion pumps, etc.

The next critical pieces of equipment in the defense line are diagnostic machines such as lab and radiology devices, which can have a severe impact when faced with a cyberattack. Even wireless tags, connected washers, access controls, and other devices that play an insignificant role in medical flow can affect the medical staff's response time.

What is the relation between complex medical device value chains and the security of connected devices?

The complex medical device supply chains allow vendors and hospital administrators to pass the buck around the crucial security best practices. Hospital administrators think that device manufacturers are responsible, while device manufacturers believe security is the hospital staff's domain. The huge expectations from other people make medical device security difficult.

Hence, it is crucial to ingrain hospital device security at the earliest stages of development.

What are the challenges in vulnerability research of medical devices?

Challenges related to access:

● Device procurement costs are prohibitive.

● Government laws and policies which deter vendors from selling to non-hospitals.

● Complexities in installation, calibration, and configuration.

Challenges related to the relationship between vendors and researchers:

● If the relationship is not suitable, it will become challenging for both sides to work together to improve security.

● If hospitals continue to use vulnerable devices without patching, then a good relationship is also not fruitful.

Hence, it becomes crucial for all stakeholders to come together to dial down real-world exposure.

Responsible disclosure—are institutional bodies playing their part?

Cybersecurity is still a new sphere in which healthcare organizations are starting to enter. Not only the industry but the government and other national oversight bodies are still not entirely standardized. Due to this fact, organizations do not know what the reporting procedures, which controls apply to whom, who is the person responsible in case of a catastrophe, etc.

Similarly, it is often seen that factors that govern the disclosure timeline are opaque, and the guiding logic is unclear from the institutional perspective. The institutional bodies which oversee disclosures such as the CISA cannot often withhold disclosures until patches are developed. Hence, there is a need for CISA to work closely with bodies such as the FDA. They can make responsible disclosure crucial for the long-term security of the health industry.

Advice to the CISO who is in pursuit of security of the connected devices in the organization

Automation is the key to a secure health organization in today's world. The manual work of securing the connected devices, their numerous models, and deployments with a separate set of permissions and rules can severely burden the workforce and monetary resources of the organization. In the health industry, automation becomes crucial because there is a continually changing environment inside and outside the hospital.

The best option is to choose a solution that is tailor-made for the health industry. It will be familiar with the medical devices' unique protocols and will work round-the-clock to help detect and remove vulnerabilities.

Final Words

IoT is the thread that is connecting everyday devices faster than ever. In the future, these devices (especially in the medical sector) will become the most significant liabilities from a security point of view. It will be cumbersome for manufacturers, who had kept cybersecurity on the back burner until now, to become experts in cybersecurity. Furthermore, agent-based security solutions require frequent updates, which becomes challenging in IoT devices. Hence, third-party centralized solutions are the go-to choice for the medical industry when it comes to the security of IoT devices.

Remesh Ramachandran

CISO | Security Researcher | Ethical hacker

Remesh Ramachandran is an ethical hacker. He has solved several sophisticated cybercrime and real-world hacking cases, and has worked for the government and various other national and international agencies. Remesh is currently working as a CISO (Chief Information Security Officer) for an organisation.

Business News

James Clear Explains Why the 'Two Minute Rule' Is the Key to Long-Term Habit Building

The hardest step is usually the first one, he says. So make it short.

News and Trends

What Led Elon Musk To Postpone India Trip

'Heavy Obligations', global layoffs and huge bot operations running on the micro-blogging site X, the reasons are plenty

Growth Strategies

5 Lessons I Learnt As An Entrepreneur Over The Last Decade

Co-Founder and CEO of Paisabazaar shares some insights he gained while building PaisaBazaar that hopefully would help young entrepreneurs starting

Marketing

5 Ways ChatGPT Will Impact Digital Marketing

ChatGPT is creating ripples across the digital landscape right now. Here are five ways it can benefit your ads, campaigns and marketing strategies.

Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

Marketing

Welcome to Guest Blogging 101

The first step is to produce an amazing piece of writing that stands out from the crowd.