This article is featured in the magazine, Protecting Against Cyberattacks: A Guide for Public Safety Leaders.
By Dr. Kevin Harris, Program Director, Cybersecurity, Information Systems Security and Information Technology Management, American Military University
Modern-day healthcare is being revolutionized by technological innovations in Internet of Things (IoT) devices including wearable, portable, and implantable devices. These devices have been essential to improving patient care.
For example, patients who need constant monitoring of vital signs can be outfitted with a wearable device that measures temperature, blood pressure, and heart rate. Patients can return home while medical personnel remotely monitor data received from the wearable devices. Medical professionals can then analyze data trends and notify a patient if it’s determined they need to seek further treatment.
Similarly, implantable devices allow for medical treatment to be administered without direct medical staff intervention, often in life-threatening situations. One such device is an implantable defibrillator that not only detects and reports when a patient’s heartbeat is irregular, but also initiates an electric shock to restore the heart’s rhythm. Other implantable devices include an insulin pump that delivers insulin based on registered levels and cochlear implants that provide the ability to hear for those who have hearing loss.
Vulnerability of IoT Devices to Cyberattack
While the benefits of IoT devices in healthcare are many, these devices can be targeted by cyberattackers. If the devices and associated data are not properly protected, not only could sensitive medical information be exposed, but lives could potentially be at risk.
If an insulin pump is compromised, an attacker could alter data and cause the pump to deliver a potentially lethal dose of insulin. If an individual’s defibrillator is accessed, not only could the patient’s life be in jeopardy, but others could also be harmed if that person is incapacitated while driving, for example.
Networked devices used by hospitals are also not immune from risk of cyberattack. For example, if an attacker were to gain access to an infant warmer, they could alter the temperature a few critical degrees, which could prove fatal.
There are also vulnerabilities in the growing trend of concierge healthcare, where medical professionals travel to the patient. While this can have many benefits, including improved and personalized medical care, there are also risks. For example, if medical providers use networked equipment in the field and receive updates to this equipment remotely, this could potentially open the door for an unauthorized party to gain access. An attacker could alter settings on the medical equipment, which could lead to incorrect diagnosis and treatment. All this could happen without the medical professional detecting the intrusion.
Regardless of whether a device is used by a medical provider or a patient, there is significant risk that an unauthorized party could access private data. Such a breach could have a devastating impact on the patient, strain the patient’s relationship with their medical professional, and incur significant financial costs to rectify impeded or incorrect treatment.
Ways to Reduce Risk
To mitigate risks of cyberattack in healthcare, which has been identified as one of the critical infrastructure sectors by the Department of Homeland Security, a team approach is necessary. Software developers, manufacturers, medical facilities, regulatory bodies, users, academic institutions, and information technology professionals must all work together.
When it comes to using IoT devices, medical facilities must ensure their network infrastructure is secure. Equipment calibration verification policies and processes must be continuously reviewed and updated. Training should be provided to users and patients to ensure they’re aware of the risks associated with using IoT devices. Similarly, manufacturers need to invest in security, and devices must be developed with robust encryption protocols, redundancy, and systems that send notifications of potential attacks.
As with all technological advances, safety should not be overlooked for the sake of convenience and innovation. IoT certainly has the potential to revolutionize healthcare, but the proper steps need to be taken to ensure it is secure and protected.
About the Author: Dr. Kevin Harris has 25 years of experience in the information technology field. During this time, he protected various organizations’ infrastructure and data in positions ranging from system analyst to chief information officer. His career encompasses diverse experiences both in information technology and academia. His research and passion are in the areas of cybersecurity, bridging the digital divide, and increasing diversity in the tech community. As an academic, he has served students at various types of institutions including community colleges, HBCU, public, private, graduate, undergraduate, as well as online. Dr. Harris has trained faculty from multiple institutions in the area of cybersecurity as part of an NSF multistate CSEC grant. He has delivered instruction in several disciplines, including business, computer science, and computer networking, with a particular interest in information security, cybersecurity, and computer forensics. Currently, Dr. Harris serves as program director for Cybersecurity, Information Systems Security and Information Technology Management at American Military University. To contact the author, email IPSauthor@apus.edu.