IoT Connected Healthcare Devices: Challenges In Cybersecurity And The Way Forward IoT devices are dominating the healthcare industry today. From patient monitoring to anesthesia to radiology devices, they form the wheels driving the medical sector. But, is human error the sole factor behind hard-coded credentials, lack of authentication, and other vulnerabilities, or is it because of wrong or lazy decisions?

By Remesh Ramachandran

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

remeshr.com

Cyberattacks can have a catastrophic effect on patient safety, which trickles down to the medical staff's responsiveness. Health emergencies such as heart attacks are the win and lose situations where minutes decide whether a person will live or die. Hence, it becomes crucial to understand and mitigate the worst-case scenarios in case of such attacks.

What are the most critical endpoints when it comes to hospital cybersecurity?

Healthcare organizations are the new focus of attackers for carrying out Internet-of-Things (IoT)-focused cyberattacks. The most critical endpoints from the hospital security viewpoint are patient monitoring, ventilation, anesthesia, infusion pumps, etc.

The next critical pieces of equipment in the defense line are diagnostic machines such as lab and radiology devices, which can have a severe impact when faced with a cyberattack. Even wireless tags, connected washers, access controls, and other devices that play an insignificant role in medical flow can affect the medical staff's response time.

What is the relation between complex medical device value chains and the security of connected devices?

The complex medical device supply chains allow vendors and hospital administrators to pass the buck around the crucial security best practices. Hospital administrators think that device manufacturers are responsible, while device manufacturers believe security is the hospital staff's domain. The huge expectations from other people make medical device security difficult.

Hence, it is crucial to ingrain hospital device security at the earliest stages of development.

What are the challenges in vulnerability research of medical devices?

Challenges related to access:

● Device procurement costs are prohibitive.

● Government laws and policies which deter vendors from selling to non-hospitals.

● Complexities in installation, calibration, and configuration.

Challenges related to the relationship between vendors and researchers:

● If the relationship is not suitable, it will become challenging for both sides to work together to improve security.

● If hospitals continue to use vulnerable devices without patching, then a good relationship is also not fruitful.

Hence, it becomes crucial for all stakeholders to come together to dial down real-world exposure.

Responsible disclosure—are institutional bodies playing their part?

Cybersecurity is still a new sphere in which healthcare organizations are starting to enter. Not only the industry but the government and other national oversight bodies are still not entirely standardized. Due to this fact, organizations do not know what the reporting procedures, which controls apply to whom, who is the person responsible in case of a catastrophe, etc.

Similarly, it is often seen that factors that govern the disclosure timeline are opaque, and the guiding logic is unclear from the institutional perspective. The institutional bodies which oversee disclosures such as the CISA cannot often withhold disclosures until patches are developed. Hence, there is a need for CISA to work closely with bodies such as the FDA. They can make responsible disclosure crucial for the long-term security of the health industry.

Advice to the CISO who is in pursuit of security of the connected devices in the organization

Automation is the key to a secure health organization in today's world. The manual work of securing the connected devices, their numerous models, and deployments with a separate set of permissions and rules can severely burden the workforce and monetary resources of the organization. In the health industry, automation becomes crucial because there is a continually changing environment inside and outside the hospital.

The best option is to choose a solution that is tailor-made for the health industry. It will be familiar with the medical devices' unique protocols and will work round-the-clock to help detect and remove vulnerabilities.

Final Words

IoT is the thread that is connecting everyday devices faster than ever. In the future, these devices (especially in the medical sector) will become the most significant liabilities from a security point of view. It will be cumbersome for manufacturers, who had kept cybersecurity on the back burner until now, to become experts in cybersecurity. Furthermore, agent-based security solutions require frequent updates, which becomes challenging in IoT devices. Hence, third-party centralized solutions are the go-to choice for the medical industry when it comes to the security of IoT devices.

Wavy Line
Remesh Ramachandran

CISO | Security Researcher | Ethical hacker

Remesh Ramachandran is an ethical hacker. He has solved several sophisticated cybercrime and real-world hacking cases, and has worked for the government and various other national and international agencies. Remesh is currently working as a CISO (Chief Information Security Officer) for an organisation.

Related Topics

Growing a Business

How to Disrupt Hustle Culture and Build a Business That Supports Your Wellness

You can leave work at five each day. You can turn off your phone in the evenings and take weekends off. You can exercise. You can be fully present with your family. You will be better for it, and so will your business.

Growing a Business

14 Easy Ways to Rank Your Website Higher on Google

Despite Google's algorithm and regular updates, you can quickly boost your website's ranking with these tips.

Business News

Mark Zuckerberg Delivers Dorky Diss of Apple's Pricey New Headset

The CEO let his Meta team know what he thinks about Apple's Vision Pro, and he did not hold back.

Growing a Business

How to Grow Your Business With Social Media

Miriam Fried, owner of MF Strong, shares why a solid online presence, including social media and Yelp, is important for starting a business and achieving continued growth.

Leadership

5 Traits and Characteristics of Successful Entrepreneurs in 2023

Entrepreneurship has become the new trending topic in the business world. In 2023, the entrepreneurial world is expected to flourish more than ever, and it will take a certain set of skills to be a successful entrepreneur. This article highlights what it takes to be a successful entrepreneur in 2023.