Securing IoT In Long Term Healthcare
There is no doubt IoT technology is having a profound impact on the healthcare industry. Recent studies reveal 70% of all best-selling wearables are dedicated to the health and wellness industry, with experts predicting 40% of all IoT-driven devices will be used in healthcare by 2026. IoT devices offer exceptional benefits for improving operational efficiency, patient outcomes, and reductions of costs in healthcare environments.
Unfortunately, many IoT devices bring with them fundamental security threats that pose massive risks to entire long-term care facilities. Hackers now exploit vulnerabilities in any type of connected device to conduct a range of cyber-attacks targeting nursing homes, assisted living facilities, and their residents.
Critical statistics on IoT health care devices and security vulnerabilities:
- A recent study estimates 82% of healthcare organizations that have implemented IoT devices have experienced an IoT-focused cyberattack targeting one or more of those devices in the last year.
- In 2019, 33% of organizations implementing IoT technology expressed substantial security concerns regarding attacks on devices. Of the respondents, 99% cited a lack of skilled personnel and the absence of robust data protection strategies as their top security concern with IoT devices.
- A 2019 report from Vectra shows 59% of medical device IoT security breaches come from within the organization. This means that human error causes threats more often than the targeted actions of attackers.
Cyber Threats in Long Term Care Facilities: The IoT Devices Risk Factors
Every device that connects to a network enlarges the exposure referred to as the “attack surface.” While this exposure is easy to mitigate and control in most common devices such as computers and phones, it is not so simple with IoT devices. Here are some of the risk factors that make IoT devices vulnerable in healthcare environments:
- Lack of top-notch security designs: Unlike standard endpoints such as Android phones and Windows computers, IoT devices are usually left unmanaged and unattended. They are typically designed with few security considerations in mind. Lack of top-notch security features ultimately exposes the IoT networks to a range of attacks.
- Legacy operating systems: Nearly half of the healthcare-connected devices such as ultrasound and MRI machines run on legacy operating systems that are no longer maintained or supported. This means that there is no security support or patches available for them. Because constant updates and patches are what eliminate system and network vulnerabilities, these devices remain exposed.
- Lack of cyber security certification and standardization: There is also a lack of proper accreditation and standardization for cyber security in most medical devices, which ultimately exposes IoT devices to a range of security vulnerabilities that cybercriminals exploit at will.
- Lack of standardized interfaces and controls: Some IoT devices designed for the healthcare industry lack standardized interfaces and controls, thus making it a challenge to develop a uniform security policy, upgrade software, or even implement strong passwords at will.
How to Secure IoT Devices in Long-Term Healthcare
The latest cyber security best practices require a multilayered IoT security strategy to reduce risks and mitigate threats.
The following are a few tips to help secure your health care IoT infrastructure.
Set policies on network access
The first step to secure the network supporting IoT infrastructure is to understand what is running on it. In a long-term care facility environment, it is not only your IT team connecting devices through wireless systems. In essence, every employee with working IT knowledge will connect all kinds of devices into the IoT network, increasing vulnerabilities.
To reduce the risk of breaches, consider leveraging modern Network Access Control (NAC) solutions to achieve granular, centralized, role-based management and network segmentation. Such a solution helps you establish policies on which devices and things may access the network and which should never be allowed to.
A perfect NAC solution monitors network connections 24/7 to quarantine any device prohibited from accessing the network. The solution also sends an alert to the IT team for remedial action whenever a prohibited device tries to access the network. With such an alert feature, the IT team can assess whether a quarantine alert is due to a biomedical technician trying to connect a new patient device or to suspicious activity that needs further investigation.
Determine the role of users, devices, and things
Controlling IoT access demands that you control both the devices and humans connecting to them. Before you decide on the type of access to grant a person or an IoT device, it is critical to know the role each plays. An ideal place to start is finding out why a person or a device is seeking network access before you grant the access. Determining user roles is specifically crucial in long-term care environments because most health care IT professionals are hired from outside the field.
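The role-based admission, quarantine and alert flow described in the two sections above can be sketched as follows. This is an added example, not code from the original article or from any NAC product; the policy table, inventory, role names, VLAN names and the `admit` function are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

QUARANTINE = "vlan-quarantine"

# Constructed policy: device class -> (segment, staff roles allowed to connect it)
POLICY = {
    "infusion_pump": ("vlan-clinical", {"biomed_tech"}),
    "glucose_monitor": ("vlan-clinical", {"biomed_tech", "nurse"}),
    "staff_laptop": ("vlan-staff", {"it_admin"}),
}

# Constructed inventory of registered devices: MAC address -> device class.
# MAC addresses can be spoofed; real deployments pair them with stronger
# device identity such as 802.1X certificates.
INVENTORY = {
    "00:11:22:aa:bb:01": "infusion_pump",
    "00:11:22:aa:bb:02": "staff_laptop",
}

@dataclass
class Decision:
    mac: str
    segment: str
    alert: Optional[str]  # message for the IT team; None when admitted

def admit(mac: str, connected_by: str, claimed_class: Optional[str] = None) -> Decision:
    """Decide the segment for a connecting device and whether to alert IT."""
    mac = mac.lower()
    device_class = INVENTORY.get(mac)
    if device_class is None:
        # Unregistered device: always quarantined. The alert text separates a
        # plausible onboarding (right role for the claimed class) from the rest.
        allowed = POLICY.get(claimed_class, (None, set()))[1]
        if connected_by in allowed:
            return Decision(mac, QUARANTINE,
                            f"review: unregistered {claimed_class} connected by {connected_by}")
        return Decision(mac, QUARANTINE,
                        f"investigate: unknown device connected by {connected_by}")
    segment, roles = POLICY[device_class]
    if connected_by not in roles:
        return Decision(mac, QUARANTINE,
                        f"investigate: {device_class} connected by unauthorized role {connected_by}")
    return Decision(mac, segment, None)

if __name__ == "__main__":
    print(admit("00:11:22:AA:BB:01", "biomed_tech"))
    print(admit("00:11:22:aa:bb:99", "biomed_tech", "infusion_pump"))
    print(admit("00:11:22:aa:bb:98", "visitor"))
```
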
Incorporate real-time intelligence to detect subtle changes
Cyber threats keep evolving, and actors will always try to find their way into your network no matter how secured your infrastructure is. As such, you need to infuse some of the most advanced defenses, such as the sophisticated analytics and artificial intelligence (AI)-based machine learning solutions that spot subtle changes in user or device behavior that would otherwise go undetected. Such behaviors often indicate an actor has maneuvered through perimeter defenses to compromise a network.
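A minimal version of the behavioral detection described above, as an added example that is not part of the original article: it swaps the AI-based analytics for a plain per-device statistical baseline (known destinations plus typical transfer size). The flow records, device names, addresses and thresholds are constructed.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records from a quiet period: (device id, destination, bytes sent)
BASELINE_FLOWS = [
    ("pump-01", "10.0.5.10", 1200), ("pump-01", "10.0.5.10", 1100),
    ("pump-01", "10.0.5.10", 1300), ("pump-01", "10.0.5.10", 1250),
    ("monitor-07", "10.0.5.20", 400), ("monitor-07", "10.0.5.20", 420),
    ("monitor-07", "10.0.5.20", 380),
]

def build_baseline(flows):
    """Per device: set of destinations seen, mean and std-dev of bytes sent."""
    dests, sizes = defaultdict(set), defaultdict(list)
    for device, dest, nbytes in flows:
        dests[device].add(dest)
        sizes[device].append(nbytes)
    return {d: (dests[d], mean(sizes[d]), pstdev(sizes[d])) for d in dests}

def score(flow, baseline, k=3.0, floor=50.0):
    """Return the reasons a flow deviates from its device's baseline (empty = normal)."""
    device, dest, nbytes = flow
    if device not in baseline:
        return ["device has no baseline"]
    known, mu, sigma = baseline[device]
    reasons = []
    if dest not in known:
        reasons.append(f"new destination {dest}")
    # The floor keeps very steady devices from alerting on tiny variations.
    if abs(nbytes - mu) > k * max(sigma, floor):
        reasons.append(f"unusual volume {nbytes} bytes (typical {mu:.0f})")
    return reasons

if __name__ == "__main__":
    baseline = build_baseline(BASELINE_FLOWS)
    for flow in [("pump-01", "10.0.5.10", 1280),
                 ("pump-01", "203.0.113.9", 1200),
                 ("monitor-07", "10.0.5.20", 600)]:
        print(flow, score(flow, baseline) or "normal")
```
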
Change default credentials and passwords
Experts estimate that the most significant IoT-related breaches to date come from a failure to change default credentials. Allowing your facility’s IoT devices to operate with manufacturer-supplied usernames and passwords increases the risk of a successful attack tenfold. While changing default credentials and passwords, consider assigning role-based credentials that take into account today’s recommendation for character combinations and length. This enables one set of credentials for all your infusion pumps and the other medical device types.
Train your staff on best practices
There is no doubt that cybersecurity is all about the people. Your team plays a critical role in the war against breaches, and without proper staff training, even the most sophisticated systems on the planet won’t protect your network. Most inadequate practices that expose your network to attacks stem from insufficient understanding. This means that training on IoT device security policies is critical to enforcing the established security protocols that protect your networks.
Demand improved device security
Medical and facilities device vendors often have little regard for security implications when designing their products. It is no surprise then that most products lack IT networking standards that support abilities to leverage and store encryption keys on the device. As the IoT-enabled device purchaser, you should insist that vendors incorporate best-practice security protocols on their product design and development blueprints before making any investments. This will ultimately challenge them to improve their solutions when making devices that comply with security expectations.
Get Professional Help
There is little doubt that the Internet of Things (IoT) has become a necessary part of long-term care facilities’ daily operations. From electronic skin patches, smartwatches, glucose monitors to connected inhalers, IoT medical devices enable non-critical patients to be monitored at home, thus reducing hospital admissions and improving communications between patients, doctors, and long-term care facility professionals.
Unfortunately, as the network of smart devices grows in number and complexity, so do the typical cybersecurity risks that accompany them. As these risks advance, long-term care facilities need to take proactive actions to mitigate them.
If you need help implementing a robust strategy to secure your IoT infrastructure, don’t hesitate to contact Veltec Networks. Our team of IT security experts will make sure your customer records, accounting data, computer network, and email are secure from hackers, ransomware, and all threats, no matter the IoT device or system you are implementing. Contact us today to learn more.