Internet of Things (IoT) devices have become deeply integrated into our everyday lives through our homes, businesses, and transportation systems. Although IoT devices have brought many benefits, they come with just as many security challenges. Incidents range from spying on private conversations to hacking baby monitors, yet a vast majority of manufacturers still do not prioritize a “security by design” mentality.

The deployment of IoT systems within the healthcare industry has broadened the attack surface, especially since the COVID-19 pandemic forced healthcare providers to deploy teledoc services at a fast pace. In fact, 99% of security professionals say they encountered challenges in securing their organization’s IoT devices. Attackers have leveraged these devices to deploy much larger botnet attacks, such as the Mirai attack in 2016, and in one scenario used a smart speaker to gather sensitive intel to possibly deploy spear phishing attacks, which is a major concern for security professionals.

The unaddressed cybersecurity risks associated with IoT devices can interfere with healthcare security and patient safety. Prior to the pandemic, 82% of healthcare organizations had experienced an IoT-focused attack. One study uncovered that there are upwards of 10 million to 15 million medical devices in the United States, and 10-15 connected medical devices per patient bed in a hospital. With more healthcare providers forced to focus on remote medicine, we can expect the number of IoT-focused attacks to increase in 2021 due to expanded access.

The unsecured deployment of IoT devices directly connected to the internet is the reason organizations need to factor in security at the application level and device level within their security posture. Network security alone is not enough to detect and identify the cause of a breach that stems from an unsecured IoT device. Organizations need to research their devices before making a purchase and ensure manufacturers have release notes that show that the manufacturer has been releasing timely security patches for discovered vulnerabilities. Insight into their secure software development lifecycle (SDLC) process would be an added review.

As the pandemic continues, we will see an upswing in IoT usage both in the healthcare industry and other sectors such as manufacturing. Therefore, healthcare IoT security, and IoT device security in general, should be top of mind. In the wake of two massive cybersecurity attacks, the Biden administration is taking a number of steps to try and improve cybersecurity.  

In December 2020, the Internet of Things (IoT) Cybersecurity Improvement Act was signed into law. This bill is intended to issue recommendations for secure development, identity management, patching, and configuration management for IoT devices. It only applies to federal procurement; however, this is a step in the right direction. These recommendations are consistent with the National Institute of Standards and Technology (NIST) standards and lay down the framework for a federal law that manufacturers can follow to ensure the safety and privacy of their end users.

If you are looking at ways to improve your healthcare IoT security and more, we recommend establishing tools and programs in alignment with the NIST Cybersecurity Framework. It is also key to have prevention, detection, and response plans in place, such as Managed Detection and Response (MDR) services, and to have 24 x 7 security monitoring in place to detect unwanted behavior and reduce the likelihood of an incident. Our Managed Detection and Response (MDR) experts are available to help you build that plan or review your current plan. Learn more about IoT security by registering for our Foundational Security for the Internet of Things (IoT) webinar.

Monique Becenti

Product Marketing Manager | Pondurance

Monique is a Product Marketing Manager and has worked in cyber security roles for more than 5 years. Prior to joining Pondurance, Monique worked with Truyo powered by Intel®, specializing in data privacy rights automation and consent management and was a product and channel marketing specialist at SiteLock. Monique has a passion for cyber security and leveraging her knowledge to create better experiences for consumers and businesses throughout their customer journey. Outside of cyber security, Monique loves photography and taking pictures of the beautiful Arizona sunsets and landscape.