• Health Is Wealth
  • Posts
  • Why the security of medical smart health connected objects must be taken seriously quickly?

Why the security of medical smart health connected objects must be taken seriously quickly?

Security incidents related to the Internet of Things (IoT) in the medical field will experience a sharp increase in 2019. This alarm signal has just been pulled by the American association Himms, working to improve care of health through the use of technology. The reason is simple: the number of smart health connected objects explodes and cybercriminals see opportunities to earn a lot of money …

IoT technologies have been widely adopted andmillion smart health connected devices will appear in key areas such ashealth and medical care. According to a recent study by the centerhospital expertise, IoT accounted for more than 60% of the projectsInnovation in the Health Sector in 2018.

With these new smart health connected objects, hospitals andpractices want to improve the patient experience and reducemanual tasks. For example, a hospital in Los Angeles haswith smart health connected speakers, to give patients a sense ofgreater independence. In France, the Eure-Seine Hospital Center hasinstalled a robot in pediatric emergencies to accommodate children,reduce their stress and put them in trust. These two examples demonstratethe potential of medical devices and IoT handheld devices to helppatients during their convalescence.

Health organizations, privileged target of hackers

Large scale attacks such as ransomwareWannaCry and NotPetya, have already affected health organizations usingobsolete software, and it's only a matter of time before anotherdisastrous attack be revealed. WannaCry, for example, cost about100 million pounds to the United Kingdom's National Health Service, theNHS, after closing hospitals and canceling 19,000 appointmentspatients.

As the number of health organizations deployingIoT solutions increase, security incidents due to innumerablevulnerabilities of smart health connected devices also increase. The associationAmerican Himms explains in his study that almost 76% ofexperienced a cyber attack over the past year, includingvery sophisticated attacks, APT (advanced persistent threats) andattacks from the internal. Email is really the main toolused by attackers to carry out their hacks, since 30% ofattacks targeting health organizations, were initiated by an email fromphishing or spear phishing. Among the main threats, are alsoobviously, data leaks (11.8%), ransomware (11.3%) andmalware stealing credentials (11%).

Visible efforts but not quite fast in the face of the scale of the challenge

Threats to medical devices such aspacemakers, unlike other smart health connected objects, can have an impactdramatic. That's why patient safety remains the prioritynumber one in the health sector. Beyond financial loss or theftof data, it is the health of the patient that is at stake.

Although their efforts are visible and positive, the subjectsecurity is still not moving fast enough. Health care organizationsmust continue to work on the security of their IoT devices,putting in place, in particular, real threat management programs,performing regular intrusion tests to correct thevulnerabilities of infrastructures. The goal is to frame the IoT sosecure. The Himms study explains that even if they wish to integrate aintelligent medical technology, only 6% – or less – of the IT budgetThe total number of health organizations is devoted to the protection of information andIoT assets. It's not enough. Health organizations are considered asbeing "at risk" structures in terms of cybersecurity. And inthe framework of IoT, the detection must be made with attention and the flawsSecurity and vulnerabilities should be monitored.

If cybersecurity does not move at the desired pace,also because the sector faces barriers toincidents: still according to Himms, the reasons are the lack of personnelqualified in cybersecurity (52.4%), the lack of financial resources (46.6%),a large number of application vulnerabilities (28.6%), too many endpoints – servers,workstations, PCs, etc. (27.5%) – and the many new threatsemerging countries (27%).

Security issues related to smart health connected devicesmust be a major concern for the administrators ofhealth services, because any dysfunction could put patientsdanger. Not only for patients using pacemakersintelligent or insulin pumps, but also for those whosemedical records could be sold on the Internet and manipulated for purposesidentity theft and fraud.

We expect that the attacks related to the care ofhealth become more sophisticated because hackers will do everythingwho is in their power to get their hands on personal informationand compromise the medical equipment. As we understand it globally inall sectors, we must organize the response, but this is even more urgentin the domain of health.

AB SMART HEALTH health home & BUILDING REVIEW