Securing Internet-Connected Devices in Healthcare

SECURING_IOT_DEVICES_HEALTHCARE

 

Following the recent cyberattack on the transatlantic hospital chain Universal Health Services and the death of a patient in Germany following a ransomware incident in September, concerns have been growing about the increasing risks posed by technology in the healthcare industry. Players in the industry are keen to find out how to best secure healthcare devices connected to the internet.

The dangers of remote access

To demonstrate the need for securing healthcare devices we must look to science. Studies conducted by independent researchers into the potential vulnerabilities of medical devices such as pacemakers and defibrillators revealed grave issues. The team at Muddy Waters Research discovered that cardiac devices helping patients stay alive could have their batteries remotely depleted by attackers. Other researchers showed how these pacemakers could also be manipulated remotely to withhold or administer shocks to their patients.

Protocols adopted by the FDA

These concerns were noted by the Food and Drug Administration (FDA) leading to the issuance of protocols surrounding cybersecurity within the healthcare industry and associated medical devices. The FDA didn’t stop there but also released a series of guidelines for manufacturers that are geared at helping maintain and promote healthcare IoT security.

Guidelines for healthcare IT teams

With hospitals accounting for 30% of all major data breaches it is safe to say that securing healthcare devices is a top priority for many medical facilities. Some steps that can be adopted by IT teams working in medical facilities include:

Auditing devices – this is by no means an easy undertaking but you cannot protect what is not known to you. IT teams need to carry out an audit and create a catalog of every device that will be granted access to the network.

Establish authentication systems – how will you prevent unauthorized devices from connecting to your system? Devise a strategy around this aspect.

Partition networks – do you have everyone working on the same network or have you properly segmented networks according to departments? This is recommended because, in the event of a breach, hackers won’t have access to the entire network.

Invest in secure solutions – Despite the healthcare industry being the victim of 88% of all ransomware incidents in the country in 2016, only 6% is spent on cybersecurity annually. This is a cause for great concern.

#BeCyberSmart and invest in next-generation solutions

If you are ready to invest in additional cyber protection, Cybeta offers you cybersecurity solutions that are geared at helping with securing healthcare devices. Contact us for more information.