Source: IN Public Safety | Author: Dr. Kevin Harris l 18 October 2019 

Modern-day healthcare is being revolutionized by technological innovations in Internet of Things (IoT) devices including wearable, portable, and implantable devices. These devices have been essential to improving patient care.

For example, patients who need constant monitoring of vital signs can be outfitted with a wearable device that measures temperature, blood pressure, and heart rate. Patients can return home while medical personnel remotely monitor data received from the wearable devices. Medical professionals can then analyze data trends and notify a patient if it’s determined they need to seek further treatment.

Similarly, implantable devices allow for medical treatment to be administered without direct medical staff intervention, often in life-threatening situations. One such device is an implantable defibrillator that not only detects and reports when a patient’s heartbeat is irregular, but also initiates an electric shock to restore the heart’s rhythm. Other implantable devices include an insulin pump that delivers insulin based on registered levels and cochlear implants that provide the ability to hear for those who have hearing loss.

Vulnerability of IoT Devices to Cyberattack

While the benefits of IoT devices in healthcare are many, these devices can be targeted by cyberattackers. If the devices and associated data are not properly protected, not only could sensitive medical information be exposed, but lives could potentially be at risk.

If an insulin pump is compromised, an attacker could alter data and cause the pump to deliver a potentially lethal dose of insulin. If an individual’s defibrillator is accessed, not only could the patient’s life be in jeopardy, but others could also be harmed if that person is incapacitated while driving, for example.

Networked devices used by hospitals are also not immune from risk of cyberattack. For example, if an attacker were to gain access to an infant warmer, they could alter the temperature a few critical degrees, which could prove fatal.

There are also vulnerabilities in the growing trend of concierge healthcare, where medical professionals travel to the patient. While this can have many benefits, including improved and personalized medical care, there are also risks. For example, if medical providers use networked equipment in the field and receive updates to this equipment remotely, this could potentially open the door for an unauthorized party to gain access. An attacker could alter settings on the medical equipment, which could lead to incorrect diagnosis and treatment. All this could happen without the medical professional detecting the intrusion.

Regardless of whether a device is used by a medical provider or a patient, there is significant risk that an unauthorized party could access private data. Such a breach could have a devastating impact on the patient, cause strain on the relationship with their medical professional, and also require significant financial costs to rectify impeded or incorrect treatment.

Ways to Reduce Risk

To mitigate risks of cyberattack in healthcare, which has been identified as one of the critical infrastructure sectors by the Department of Homeland Security, a team approach is necessary. Software developers, manufacturers, medical facilities, regulatory bodies, users, academic institutions, and information technology professionals must all work together.

When it comes to using IoT devices, medical facilities must ensure their network infrastructure is secure. Equipment calibration verification policies and processes must be continuously reviewed and updated. Training should be provided to users and patients to ensure they’re aware of the risks associated with using IoT devices. Similarly, manufacturers need to invest in security and devices must be developed with robust encryption protocols, redundancy, and potential attack-notification systems.

As with all technological advances, safety should not be overlooked for the sake of convenience and innovation. IoT certainly has the potential to revolutionize healthcare, but the proper steps need to be taken to ensure it is secure and protected.