In today’s highly value-focused businesses, treating patients in the closed wall of hospitals is thing of the past; the patients and payers (insurance payers) are expecting high-quality services and low cost. To survive in the highly competitive market, healthcare institutions are riding on the wave of digitization. The industry is evolving new operating models and the new generation of technologies to provide efficient services either in a hospital environment or from the patient’s home.
Wireless and sensor-based medical devices are one of the most significant innovations in healthcare. These devices seamlessly do the patient management, efficient communication and early intervention.
The demand for better-connected healthcare systems, remote patient monitoring devices are expected to keep the value rising, with a forecasted CAGR of 37.6 percent through 2020.
In this article we will discuss remote health monitoring devices, these are nothing but the sensors, scanners, clinical systems that are connected to the internet. These devices fall in the subcategory of Internet Of the Things (IoT) devices called as Internet Of the Medical Things (IoMT)
IoMT devices and Security Concerns
The IoMT devices have the potential to be both a blessing and a curse. The devices capture patients data by monitor health remotely and provide inputs for accurate diagnosis and timely treatment. The cyber-criminals see opportunities in these increasingly ubiquitous devices by launching attacks to tamper these devices, get an entryway to a hospital’s network, or gain inappropriate access to sensitive personal and healthcare information.
The biggest concern of IoMT and its eco-system is the breach of confidentiality and integrity of the data that exchanges between the eco-system. This data includes personal information, clinical data, health-related information.
The integrity of the data means the accuracy of capturing, transferring and storing data untampered. The data exchanged in IoMT eco-system is used for diagnosis and treatment of the patients; Any attack on a single IV infusion pump can be leveraged to a widespread breach that exposes patient records. The malicious intention attackers can use this patient information to file false insurance claims as well as to buy medical equipment and drugs using a fake ID. Any alteration or changes to patients health records (integrity) can lead to wrong diagnosis and/or treatment which can have bad consequences on patient’s health.
“It seems like I read new headlines every day about the latest cyber-attack targeting health institutions, many of which have involved IoMT devices,” Rasu Shrestha, M.D., chief innovation officer at UPMC reference
As per the KPMG /Forbes Insights Cyber-Security Survey that attacks on the healthcare, institutes are composed mainly malware, internal theft or negligence, and ransomware.
The IoMTs are the devices those are used and managed by the end-users. This increases the attack surface, a possibility of vulnerability exploitation.
The Current State of IoMT
Apart from the security concerns specifically related to IoMT devices, following apprehensions applicable to IoT devices are applicable to IoMT devices as well,
- Continuously connected to the internet
- No or minimal security features as a part of design
- Devices captures and exchanges data personal and sensitive data
Few examples of IoMT devices compromise: Attackers could,
- Alter an insulin pump to increase the flow of insulin to a diabetic patient’s bloodstream, killing the patient rather quickly
- Manipulate a heartbeat monitor, for example, to indicate that a patient’s heart has stopped when it, in fact, has not. This scenario could prompt a physician to jolt the patient with 300 volts of electricity
Apart from these new generation IoMTs, many connected Biomed devices lack basic protections against common attacks precisely because they weren’t initially designed to even connect to a network.
The awareness that IoMT devices needs special security protection is almost absent, Zingbox a leading Internet of Things (IoT) security solution provider published results of its survey of IT decision-makers within the healthcare industry
“More than 90% of healthcare IT networks have IoT devices connected to them and over 70% believe that the traditional security solutions used to secure laptops and servers are sufficient to secure IoT connected medical devices.”
The attacks on the healthcare institutions are increasing as per Atif Ghauri who is primarily responsible for Managed Security Services customer engagement and service development at Herjavec Group, a global information security company
“Healthcare is the most hacked vertical we’re seeing right now and what makes this industry different is that it affects everyone not just financially but personally”
Way to go .. Initiatives to Improve the IoMT Security
The IoMT device makers are working on adding more security features as well as patching the vulnerabilities. There are some good initiatives are taken by the industry,
The “I Am The Cavalry”, has created a Hippocratic Oath for Connected Medical Devices to encourage device makers to embrace better security practices.
The device designers and manufacturers should:
- Consider these devices are part of larger healthcare echo system
- The data should be encrypted before transmission
- Share the data that is required, only when it is necessary
The regulatory bodies are imposing more and more stringent guidelines and standards on developers of safety-critical equipment, such as FDA, IEC, and ISO standards.
The golden era of the healthcare industry is approaching fast but the industry needs to handle the cybersecurity challenges on the priority basis.