Medical IoT Security Incidents on the Rise in 2019, Survey Says

IoT technology has been widely adopted, and millions of smart devices will probably pop up in key sectors such as healthcare. In 2018, hospitals and medical practices already adopted IoT projects to improve patient experience and reduce manual tasks. For example, a hospital in Los Angeles equipped rooms with Alexa-operated devices to make patients feel more independent, in one of countless ways IoT medical devices and wearables can help patients.

Large-scale attacks such as WannaCry and NotPetya have already affected healthcare organizations operating on outdated software, and it’s only a matter of time before a disastrous attack. WannaCry, for instance, cost UK’s National Health Service (NHS) some £100 million after it shut down hospitals and cancelled 19,000 patient appointments.

According to the 2018 HIMSS Cybersecurity Survey, patient safety remains the number one priority in the healthcare sector, which rates its top threats as breaches or data leaks (11.8%), ransomware (11.3%) and credential stealing malware (11%). The top roadblocks in incident mitigation are lack of appropriate cybersecurity personnel (52.4%), lack of financial resources (46.6%), too many application vulnerabilities (28.6%), too many endpoints (27.5%), and too many emerging and new threats (27.0%).

As the number of healthcare organizations deploying IoT solutions increases, so do security incidents due to the countless vulnerabilities in smart devices. Almost 76% of healthcare organizations suffered a cyberattack in the past year, including APTs (advanced persistent threats) and insider attacks. Almost 30% of the attacks were linked to phishing and spear phishing emails (29.6%), the most common point of compromise.

Although their efforts are on the right track and compliance has been a top concern, healthcare organizations should focus more on IoT-device security, insider threat management programs and penetration testing to fix infrastructure vulnerabilities and adopt a secure framework. Even though they are interested in incorporating smart medical technology, as little as 6% or less of the total IT budget is used on protecting information and assets.

Security issues in smart devices should be a top concern for administrators in healthcare because any malfunction could endanger patients. Not only for patients who use smart pacemakers or insulin pumps, but for those whose medical records could be sold on the dark web and manipulated for identity theft and fraud. Healthcare attacks will become more sophisticated, as hackers will do everything in their power to get their hands on personal information and compromise medical equipment.