Medical IoT Devices Usually Share Environments with Smart Assistants, Exposing Organizations to HIPAA Violations

IoT devices are pervasive in all aspects of life, including healthcare, but it looks like security and data privacy of such devices are compromised by sharing spaces with Amazon Alexa and Echo devices, which can record conversations without the knowledge of patients or medical personnel.

The IoT ecosystem has devices from all industries, including healthcare, and they are just as exposed as everything else. The significant difference is that IoT medical devices provide essential functions, and any action that compromises them can have grave consequences.

According to a report from Ordr, the healthcare industry is woefully underprepared for the influx of IoT devices, and this exposes them to outside threats. Depending on the situation, the culprit is usually old technology, poor network implementation, ignorance of how IoT devices can interact with each other or a combination of all of the above.

“The IoT market is now expected to grow to 31 billion connected devices by 2020 and 75 billion devices by 2025,” states the report.

“With so many devices proliferating, security and risk professionals need to be much more aware of the expansion of their attack surface. Each device represents a new attack vector for cyber attackers. The recent spate of vulnerabilities that impact IoT recently, from Ripple20 to SIGRed, demonstrates the importance of securing these devices.”

First of all, 15% to 19% of IoT devices run on old legacy operating systems such as Windows 7, which has reached end of life. Changing the underlying infrastructure is expensive and time-consuming, so they will likely remain in this state for a long time.

Also, 20% of deployments had PCI-DSS violations where IoT devices with credit card information were on the same subnet or VLAN as a tablet, printer, copier or video surveillance camera.

Probably the worst part is that 95% of healthcare deployments had Amazon Alexa and Echo devices active in their environment. This is a big deal because those assistants can unwittingly record conversations and patient details, committing HIPAA violations.

Most of these problems have relatively easy solutions. In most cases, it just requires some tweaking and care. Visibility remains an issue, as most security and IT departments don’t know exactly how many IoT devices they have in their networks.
