How To Secure IoMT From Cyberattacks


Connected medical devices are leaving the healthcare sector more exposed to cyber threats. Sumit Sehgal, senior information security and technology executive, Armis, discusses how the healthcare industry can protect IoMT devices and improve patient care.

The internet of medical things (IoMT) is vital for improving patient care along with the efficiency of medical organizations. Unfortunately, while these types of equipment can save lives and treat different kinds of illnesses, they also open doors to a myriad of associated cyber-risks and leave hospitals and other healthcare organizations vulnerable to attack.   

Recently, attackers have increasingly set their sights on the healthcare sector, which suffered a large number of attacks over the lockdown period. A study conducted by the Ponemon Institute in 2020 revealed that 54% of healthcare providers suffered a minimum of one patient data breach within the past two years, while 41% suffered at least 6. The average data breach cost $2.75 million and affected approximately 10,000 patient records.


Cyberthreats in the Healthcare Sector

With cybercriminals constantly developing new sophisticated attack vectors, medical devices are always at risk of being targeted. One example of the risks healthcare organizations are exposed to is the set of vulnerabilities uncovered in May 2021 by security researchers at Armis. Dubbed PwnedPiper, these vulnerabilities were located in the Nexus control panel of Swisslog Healthcare’s pneumatic tube system (PTS), used by over 3,000 hospitals worldwide to transport medication, blood and laboratory samples. A successful breach would have allowed a threat actor to remotely take control and launch ransomware or other malicious software onto the hospital systems that could result in a distributed denial of service (DDoS) or man-in-the-middle attack. Such an incident would have been disastrous not only for the hospital’s digital infrastructure but also for patients awaiting diagnosis, treatment or medication. As such, these vulnerabilities highlight the importance of implementing sufficient and secure cybersecurity solutions and processes to protect patients and staff alike.

The number of connected medical devices already exceeds a million, ranging from blood glucose monitors to medical imaging devices and pacemakers. That being said, while the number of IoMT devices steadily increases, so does the cyber risk they are exposed to. What’s more, these devices not only pose an attractive target to attackers as a result of being connected to the internet, they may also store excessive amounts of sensitive patient health data.  

The main threats that connected medical devices are exposed to are: 

    • Legacy problems: One of the largest risks is posed by outdated systems. Many vital devices, such as MRI machines or CT scanners, run on legacy systems, which are difficult to patch and protect and can only be scanned for malware using supporting software.
    • Limited visibility: While many IoMT devices are connected to Wi-Fi or radio frequency networks, they have limited computing and storage resources in addition to purpose-built custom operating systems. As such, it is complicated to equip them with a security agent and, therefore, they cannot be controlled or monitored for threats.  
    • Difficulties with repairs: Less sophisticated devices (e.g., heart rate monitors or infusion pumps) often use embedded operating systems, making troubleshooting security issues more difficult. This is down to the fact that the firmware has to be manually installed if a security vulnerability is discovered. 


The Benefits of the Internet of Medical Things  

With all this potential risk, you may be thinking – what, then, are the benefits of IoMT devices? Once these are sufficiently secured, connected medical devices can drastically improve both clinical operations and operational efficiency through:  

    • More accurate diagnoses: Sophisticated connected medical devices allow healthcare providers to more accurately diagnose patient illnesses, all while reducing cost and the margin for error. Additionally, patients can link their smartphones to the device portals to receive real-time information from their doctors, improving the monitoring of illnesses.  
    • Improved patient experience: Nowadays, wearable smart devices allow patients to monitor their health and fitness. This simultaneously makes it easier for healthcare experts to have an overview of their patients’ lifestyles, which also reduces (or even eliminates) the need for personal consultations and, in turn, lowers the costs.  
    • Administering medication: Going beyond mere devices, advancements such as smart pills, which are administered orally and include microscopic sensors, can transmit data to a monitoring device, allowing clinicians to measure the effectiveness of a patient’s medication, monitor their health and improve their treatment.  

Protecting IoMT Devices

Healthcare providers have the responsibility of protecting their devices and staff, particularly with respect to the impact on clinical operations and to preventing unauthorized access to vital information. There are various ways in which healthcare organizations can protect their connected devices:

    • Identifying all devices: Healthcare organizations should first and foremost know about and identify all devices connected to their network. Not only will this help identify potential threats and suspicious behavior, but it will also allow the organization to deploy appropriate security measures and patches.
    • Monitoring devices: Going beyond simply identifying devices, healthcare organizations should have an appropriate monitoring process to baseline activity on the network. This is crucial in planning preventative security strategies as well as for incident response.  
    • Restricting access: As some IoMT devices don’t allow for software updates or patches, healthcare organizations can limit access through practices such as network segmentation or application whitelisting.  
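
The three practices above can be combined in a single agentless check over network flow records. The following is an added example, not code from the article or from Armis; the inventory, MAC and IP addresses, segment range and flow tuples are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: MAC -> device type and the only destinations it may reach.
INVENTORY = {
    "00:11:22:aa:00:01": {"type": "infusion-pump", "allow": [("10.20.0.10", 443)]},
    "00:11:22:aa:00:02": {"type": "ct-scanner", "allow": [("10.20.0.20", 104)]},
}
CLINICAL_NET = ipaddress.ip_network("10.20.0.0/24")  # assumed device segment

# Constructed flow records: (src_mac, src_ip, dst_ip, dst_port)
BASELINE_FLOWS = [
    ("00:11:22:aa:00:01", "10.20.0.51", "10.20.0.10", 443),
    ("00:11:22:aa:00:02", "10.20.0.52", "10.20.0.20", 104),
]
TODAY_FLOWS = [
    ("00:11:22:aa:00:01", "10.20.0.51", "10.20.0.10", 443),   # normal
    ("00:11:22:aa:00:02", "10.20.0.52", "203.0.113.7", 445),  # leaves segment
    ("00:11:22:aa:00:09", "10.20.0.77", "10.20.0.20", 104),   # not in inventory
]

def build_baseline(flows):
    """Learn, per device, the (dst_ip, dst_port) peers seen in a known-good period."""
    peers = defaultdict(set)
    for mac, _src, dst, port in flows:
        peers[mac].add((dst, port))
    return peers

def audit(flows, inventory, baseline):
    """Return sorted, de-duplicated (mac, finding, detail) tuples needing review."""
    findings = set()
    for mac, src, dst, port in flows:
        detail = f"{src} -> {dst}:{port}"
        if mac not in inventory:                       # identification gap
            findings.add((mac, "unknown-device", detail))
            continue
        if (dst, port) not in inventory[mac]["allow"]:  # access restriction
            findings.add((mac, "not-allowlisted", detail))
        if (dst, port) not in baseline.get(mac, set()):  # monitoring baseline
            findings.add((mac, "baseline-deviation", detail))
        if ipaddress.ip_address(dst) not in CLINICAL_NET:  # segmentation
            findings.add((mac, "leaves-segment", detail))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(TODAY_FLOWS, INVENTORY, build_baseline(BASELINE_FLOWS)):
        print(*finding)
```

Because the check works from observed traffic only, it applies to devices that cannot host a security agent.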


Closing Thoughts

With the healthcare industry facing numerous sophisticated cyber threats, organizations are struggling to protect innovative connected medical devices while maintaining their existing systems to protect themselves from attacks. Consequently, investing in modern solutions that recognize these new threats and vulnerabilities, all while protecting their IT infrastructure, can offer various benefits, not only in terms of security but clinical safety as well.  
