Cyber Security, Meet Internet of Things

We’ve talked plenty about cybersecurity in the past. We’ve also talked about connected medical devices on occasion. The time has come to talk about the overlap between the two.

Image result for internet of things cybersecurityConnected devices come in all shapes, sizes, and utilities these days. At home, people are connecting their TVs, lightbulbs and even refrigerators, loosely termed, the Internet of Things (IoT). While these applications are certainly beneficial, they don’t begin to scratch the surface of IoT’s ability to improve our lives. Take an example from a hospital in Boston: it’s using connected infant-monitoring devices to instantly alert nurses’ phones if a change in vitals is detected. That’s one example, but there are more, described here.

With the use of connected medical devices skyrocketing, they are becoming a natural target for cybercriminals. And the danger is larger than most realize. Yes, there is the obvious prize of individual HIPAA-protected information. But IoT devices can also serve as gateways as they are often connected to other networks. Rather than go through the well-protected router to gain access, hackers can target one of the many connected devices.

A recent Deloitte poll of health IT professionals identified that “approximately 30 percent of those surveyed said identifying and mitigating potential risks in legacy and connected devices was their greatest cybersecurity challenge.” This is a serious – and growing – problem. And regulation is quickly catching up. Health IT Security reports that Senator Richard Blumenthal of Connecticut recently introduced The Medical Device Cybersecurity Act of 2017 (S. 1656), which would “strengthen the entire health care network against the ubiquitous threat of cyberattacks.”

To tackle the problem IoT medical devices in an organization must be inventoried, audited, and – where necessary – upgraded to meet enterprise security requirements. It’s a daunting challenge, and undoubtedly an investment, but it’s far cheaper than a large-scale data breach incident.

How has your organization protected its connected devices? What tips can you share? Join the conversation by tweeting us @CNSIcorp