Technology has revolutionised the way hospitals operate. When a patient enters a hospital, the results of their tests, x-rays, or other analyses can be electronically sent to a doctor, who can then complete a diagnosis without a single piece of paper changing hands. This is due in large part to the many innovative, network-connected medical devices healthcare organisations are adopting, commonly known as the Internet of Medical Things (IoMT).
Modern healthcare IT connects people and devices to the hospital network, so information can be quickly transferred from one device to another. A doctor on their way to visit a patient can receive real-time information about that patient’s condition sent from a diagnostic device to their mobile device.
These new tools and technologies have raised the level of service in hospitals, but these connected devices are tempting to hackers, who are bent on finding ways to exploit a network. The emergence of the Internet of Medical Things represents opportunities for better healthcare, but it also represents increased opportunities for malicious actors to steal and manipulate data.
1. Gauge the risks of the Internet of Medical Things
One of the most basic, yet essential, ways to prevent hacks is to make sure you’re on the newest and most secure version of your operating system. However, while upgrading a PC or smartphone to a new operating system is a relatively straightforward process, the same isn’t true for medical equipment.
Recent data from the United Kingdom and the United States, for example, suggests that Windows XP is still prevalent in hospitals and other healthcare organisations. While there’s a desire to move to newer and safer software, it’s not possible in every situation, as software updates could cause some equipment to not function as expected.
Additionally, many of the devices forming the Internet of Medical Things were not designed with cybersecurity in mind. In one of the most famous examples, the pacemaker of former US Vice President Dick Cheney was remotely accessible over Wi-Fi. The external connectivity was designed so his doctors could monitor Cheney’s heart rate and make adjustments to the life-saving device without an invasive medical procedure.
In a major oversight, the manufacturer of the device and the medical professionals who installed it failed to secure it adequately. If a malicious actor had been aware, the device could have been manipulated remotely, resulting in Cheney’s assassination. Ultimately, the wireless connectivity had to be disabled for his safety. This perfectly demonstrates that while the healthcare industry is aware of medical risks, it is less aware of the risks that new technologies pose to its environments.
Every device connected to the hospital network can potentially be compromised by threat actors. While the potential benefits of increased communications and connectivity are substantial and worth pursuing, you need to recognise these risks and put appropriate mitigation measures in place.
2. Set up smart strategies for a strong defence
Luckily, it’s not all doom and gloom. You can deploy technology securely and in a way that manages risks—all it takes is a little planning.
Security starts with end users. Attacks against hospitals are best prevented when users know about risks, so they can act as the first level of protection. Good user behaviours, such as ensuring workstations are locked when unattended and using strong passwords, can make a significant difference to healthcare IT security. It’s also important to train users to recognise phishing attempts.
When it comes to the individual devices, try to stay on top of security upgrades and patching. If you’re using medical devices that cannot upgrade to the most recent software without impacting performance, you can protect them with network segmentation.
When a new device is connected to the hospital network, enforce policies that prevent most other devices from accessing it, and configure the computers it must connect to with the utmost security. If external access, either to third parties or the internet, is required, all network traffic to and from the device should be monitored with an alert system to recognise unusual behaviour.
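One way to express the segmentation and monitoring policy described above as an automated check over network flow records. This is an added example, not part of the original article; the addresses, the per-link byte baseline and the function names are all constructed assumptions.

```python
import ipaddress

HOSPITAL_NET = ipaddress.ip_network("10.20.0.0/16")  # assumed internal range

# Constructed policy: for each segmented device, the only internal peers it may
# talk to, and any approved external peers with a per-flow byte baseline.
POLICY = {
    "10.20.5.10": {"peers": {"10.20.1.15"}, "external": {}},
    "10.20.5.20": {"peers": {"10.20.1.30"}, "external": {"203.0.113.7": 5_000_000}},
}

# Constructed flow records: (source, destination, bytes transferred).
SAMPLE_FLOWS = [
    ("10.20.1.15", "10.20.5.10", 4_200),        # designated workstation -> device
    ("10.20.3.77", "10.20.5.10", 900),          # unlisted internal host -> device
    ("10.20.5.10", "198.51.100.9", 12_000),     # device -> internet, none approved
    ("10.20.5.20", "203.0.113.7", 1_200_000),   # approved third party, normal size
    ("10.20.5.20", "203.0.113.7", 80_000_000),  # approved third party, far above baseline
    ("10.20.1.15", "10.20.1.30", 500),          # no segmented device involved
]

def classify(device, peer, nbytes):
    """Return an alert reason for one device/peer flow, or None if it is allowed."""
    rule = POLICY[device]
    if ipaddress.ip_address(peer) in HOSPITAL_NET:
        return None if peer in rule["peers"] else "segmentation-violation"
    if peer not in rule["external"]:
        return "unapproved-external"
    return "unusual-volume" if nbytes > rule["external"][peer] else None

def check_flows(flows):
    """Check every flow that touches a segmented device, in either direction."""
    alerts = []
    for src, dst, nbytes in flows:
        for device, peer in ((src, dst), (dst, src)):
            if device in POLICY:
                reason = classify(device, peer, nbytes)
                if reason:
                    alerts.append((reason, device, peer, nbytes))
                break  # one verdict per flow
    return alerts

if __name__ == "__main__":
    for alert in check_flows(SAMPLE_FLOWS):
        print(alert)
```
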
3. Select devices designed for security
Many connected devices, including newer Internet of Medical Things equipment, can automatically detect when there’s an attempt to alter a device’s operating software or configuration. For example, modern printers that come equipped with security features can detect unwanted access and self-heal from attacks. The same technology is also available in laptops, so healthcare IT systems can operate on devices that offer a degree of self-protection.
The Internet of Medical Things has had a profound impact on healthcare IT. While these new tools bring some new risks, you can meet those challenges head on, resulting in a better experience for patients and healthcare professionals.