Get All Access for $5/mo

IoT Connected Healthcare Devices: Challenges In Cybersecurity And The Way Forward IoT devices are dominating the healthcare industry today. From patient monitoring to anesthesia to radiology devices, they form the wheels driving the medical sector. But, is human error the sole factor behind hard-coded credentials, lack of authentication, and other vulnerabilities, or is it because of wrong or lazy decisions?

By Remesh Ramachandran

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

remeshr.com

Cyberattacks can have a catastrophic effect on patient safety, which trickles down to the medical staff's responsiveness. Health emergencies such as heart attacks are the win and lose situations where minutes decide whether a person will live or die. Hence, it becomes crucial to understand and mitigate the worst-case scenarios in case of such attacks.

What are the most critical endpoints when it comes to hospital cybersecurity?

Healthcare organizations are the new focus of attackers for carrying out Internet-of-Things (IoT)-focused cyberattacks. The most critical endpoints from the hospital security viewpoint are patient monitoring, ventilation, anesthesia, infusion pumps, etc.

The next critical pieces of equipment in the defense line are diagnostic machines such as lab and radiology devices, which can have a severe impact when faced with a cyberattack. Even wireless tags, connected washers, access controls, and other devices that play an insignificant role in medical flow can affect the medical staff's response time.

What is the relation between complex medical device value chains and the security of connected devices?

The complex medical device supply chains allow vendors and hospital administrators to pass the buck around the crucial security best practices. Hospital administrators think that device manufacturers are responsible, while device manufacturers believe security is the hospital staff's domain. The huge expectations from other people make medical device security difficult.

Hence, it is crucial to ingrain hospital device security at the earliest stages of development.

What are the challenges in vulnerability research of medical devices?

Challenges related to access:

● Device procurement costs are prohibitive.

● Government laws and policies which deter vendors from selling to non-hospitals.

● Complexities in installation, calibration, and configuration.

Challenges related to the relationship between vendors and researchers:

● If the relationship is not suitable, it will become challenging for both sides to work together to improve security.

● If hospitals continue to use vulnerable devices without patching, then a good relationship is also not fruitful.

Hence, it becomes crucial for all stakeholders to come together to dial down real-world exposure.

Responsible disclosure—are institutional bodies playing their part?

Cybersecurity is still a new sphere in which healthcare organizations are starting to enter. Not only the industry but the government and other national oversight bodies are still not entirely standardized. Due to this fact, organizations do not know what the reporting procedures, which controls apply to whom, who is the person responsible in case of a catastrophe, etc.

Similarly, it is often seen that factors that govern the disclosure timeline are opaque, and the guiding logic is unclear from the institutional perspective. The institutional bodies which oversee disclosures such as the CISA cannot often withhold disclosures until patches are developed. Hence, there is a need for CISA to work closely with bodies such as the FDA. They can make responsible disclosure crucial for the long-term security of the health industry.

Advice to the CISO who is in pursuit of security of the connected devices in the organization

Automation is the key to a secure health organization in today's world. The manual work of securing the connected devices, their numerous models, and deployments with a separate set of permissions and rules can severely burden the workforce and monetary resources of the organization. In the health industry, automation becomes crucial because there is a continually changing environment inside and outside the hospital.

The best option is to choose a solution that is tailor-made for the health industry. It will be familiar with the medical devices' unique protocols and will work round-the-clock to help detect and remove vulnerabilities.

Final Words

IoT is the thread that is connecting everyday devices faster than ever. In the future, these devices (especially in the medical sector) will become the most significant liabilities from a security point of view. It will be cumbersome for manufacturers, who had kept cybersecurity on the back burner until now, to become experts in cybersecurity. Furthermore, agent-based security solutions require frequent updates, which becomes challenging in IoT devices. Hence, third-party centralized solutions are the go-to choice for the medical industry when it comes to the security of IoT devices.

Remesh Ramachandran

CISO | Security Researcher | Ethical hacker

Remesh Ramachandran is an ethical hacker. He has solved several sophisticated cybercrime and real-world hacking cases, and has worked for the government and various other national and international agencies. Remesh is currently working as a CISO (Chief Information Security Officer) for an organisation.

News and Trends

Startup Community Grieves the Sudden Demise of Rohan Malhotra, Beloved Leader of Good Capital

From HSBC intern to Good Capital's Managing Partner, Rohan Malhotra's journey spans co-founding Investopad and advising AngelList India, showcasing his expertise in fostering startups and driving innovation.

Science & Technology

How AI-Driven Personalization Is Transforming the Retail Industry and Enhancing Customer Experiences

AI will be one of the driving forces behind maximizing personalization and changing the face of retail as we know it today.

Business News

Meta Says Its New Movie Gen AI Is an Industry First — But a Demo Shows It Isn't Perfect

Movie Gen is too expensive to be released to the public yet, according to Meta's chief product officer.

Business News

U.S. Job Market Soared in September, Exceeding Analysts Expectations

The news comes after July and August had weaker-than-expected numbers.

Franchise

How California's New Disclosure Law Could Affect Franchise Sales Nationwide

The bipartisan legislation introduces new registration and pre-sale disclosure requirements for third-party franchise sellers, including brokers, broker networks and franchise sales organizations.