IoT Connected Healthcare Devices: Challenges In Cybersecurity And The Way Forward IoT devices are dominating the healthcare industry today. From patient monitoring to anesthesia to radiology devices, they form the wheels driving the medical sector. But, is human error the sole factor behind hard-coded credentials, lack of authentication, and other vulnerabilities, or is it because of wrong or lazy decisions?

By Remesh Ramachandran

Opinions expressed by Entrepreneur contributors are their own.

You're reading Entrepreneur India, an international franchise of Entrepreneur Media.

Cyberattacks can have a catastrophic effect on patient safety, which trickles down to the medical staff's responsiveness. Health emergencies such as heart attacks are the win and lose situations where minutes decide whether a person will live or die. Hence, it becomes crucial to understand and mitigate the worst-case scenarios in case of such attacks.

What are the most critical endpoints when it comes to hospital cybersecurity?

Healthcare organizations are the new focus of attackers for carrying out Internet-of-Things (IoT)-focused cyberattacks. The most critical endpoints from the hospital security viewpoint are patient monitoring, ventilation, anesthesia, infusion pumps, etc.

The next critical pieces of equipment in the defense line are diagnostic machines such as lab and radiology devices, which can have a severe impact when faced with a cyberattack. Even wireless tags, connected washers, access controls, and other devices that play an insignificant role in medical flow can affect the medical staff's response time.

What is the relation between complex medical device value chains and the security of connected devices?

The complex medical device supply chains allow vendors and hospital administrators to pass the buck around the crucial security best practices. Hospital administrators think that device manufacturers are responsible, while device manufacturers believe security is the hospital staff's domain. The huge expectations from other people make medical device security difficult.

Hence, it is crucial to ingrain hospital device security at the earliest stages of development.

What are the challenges in vulnerability research of medical devices?

Challenges related to access:

● Device procurement costs are prohibitive.

● Government laws and policies which deter vendors from selling to non-hospitals.

● Complexities in installation, calibration, and configuration.

Challenges related to the relationship between vendors and researchers:

● If the relationship is not suitable, it will become challenging for both sides to work together to improve security.

● If hospitals continue to use vulnerable devices without patching, then a good relationship is also not fruitful.

Hence, it becomes crucial for all stakeholders to come together to dial down real-world exposure.

Responsible disclosure—are institutional bodies playing their part?

Cybersecurity is still a new sphere in which healthcare organizations are starting to enter. Not only the industry but the government and other national oversight bodies are still not entirely standardized. Due to this fact, organizations do not know what the reporting procedures, which controls apply to whom, who is the person responsible in case of a catastrophe, etc.

Similarly, it is often seen that factors that govern the disclosure timeline are opaque, and the guiding logic is unclear from the institutional perspective. The institutional bodies which oversee disclosures such as the CISA cannot often withhold disclosures until patches are developed. Hence, there is a need for CISA to work closely with bodies such as the FDA. They can make responsible disclosure crucial for the long-term security of the health industry.

Advice to the CISO who is in pursuit of security of the connected devices in the organization

Automation is the key to a secure health organization in today's world. The manual work of securing the connected devices, their numerous models, and deployments with a separate set of permissions and rules can severely burden the workforce and monetary resources of the organization. In the health industry, automation becomes crucial because there is a continually changing environment inside and outside the hospital.

The best option is to choose a solution that is tailor-made for the health industry. It will be familiar with the medical devices' unique protocols and will work round-the-clock to help detect and remove vulnerabilities.

Final Words

IoT is the thread that is connecting everyday devices faster than ever. In the future, these devices (especially in the medical sector) will become the most significant liabilities from a security point of view. It will be cumbersome for manufacturers, who had kept cybersecurity on the back burner until now, to become experts in cybersecurity. Furthermore, agent-based security solutions require frequent updates, which becomes challenging in IoT devices. Hence, third-party centralized solutions are the go-to choice for the medical industry when it comes to the security of IoT devices.

Remesh Ramachandran

CISO | Security Researcher | Ethical hacker

Remesh Ramachandran is an ethical hacker. He has solved several sophisticated cybercrime and real-world hacking cases, and has worked for the government and various other national and international agencies. Remesh is currently working as a CISO (Chief Information Security Officer) for an organisation.

Related Topics

Starting a Business

5 Solopreneur Mindset Shifts and Why They're Critical to Your Success

As a solopreneur, don't reinvent the wheel or start from scratch. You are here because you have two things: an idea and passion.


Survival Kit for Solopreneurs: 5 AI Tools to Maximize Productivity

The entrepreneurial journey is not a straightforward one. Rather it requires the founder to don multiple hats for marketing, sales, ideation, content curation, and raising funds. Solopreneurs of today are being molded to lead the businesses of tomorrow. And they do require some helping hands in the form of artificial intelligence.

Personal Finance

5 Entrepreneurial Mindset Principles That Empower Financial Literacy

Adopting the right mindset is key to financial literacy. Follow these five guiding principles to enhance your understanding of wealth creation and growth.

Data & Recovery

Get Up to Date on CISSP Security and Risk Management

Protecting your business is crucial, but you don't need to hire a full-scale IT and cybersecurity team to do it.

News and Trends

Tracing The History Of Gandhi's Portrait On Banknotes

On the 151st birth anniversary of the Father of the Nation, Entrepreneur India traces the origin and history of his portrait on banknotes.

Money & Finance

How to Make Money Online: 10 Proven Ways to Make Money Online

Need to know how to make money online as a side gig or new career? Check out this breakdown of the 10 top online money-making methods.