The breach with the longest shelf-life: Healthcare

The IoT landscape is rapidly evolving and these “things” are becoming countless. A few years ago, it would be hard to believe that medical devices would have network-connected capabilities that can track our health and monitor recovery progress and save lives of every age and demographic. This brings us to the internet of medical things (IoMT), a marketplace that covers a variety of applications, including patient monitoring, telemedicine and other devices that have internet connectivity. As we embrace the benefits IoMT brings, we must also ask essential questions about protecting patients: Where is their health data being stored, and is it safe?

Such devices can react in real time to relay critical information to the doctors, first responders and caregivers that are saving lives and improving health outcomes and patient experiences. However, according to the 2019 Thales Data Threat Report-Healthcare Edition, the healthcare industry experiences the highest rate of attack compared to any other industry studied.

Incredible health benefits, but also tech risks

It is clear that IoMT positively impacts healthcare providers and the lives of patients. Patients suffering from chronic diseases can avoid frequent visits to the doctor through remote patient monitoring. Every-day sick visits can turn into convenient video chats. Doctors can give their patients faster and more accurate diagnoses. Wearable devices can detect potential heart problems. While these examples demonstrate freedom, accessibility, and a painless experience for patients, IoMT technology surprisingly has the potential to cause some real “pain”.

Hospitals may assume patient data is being protected in the cloud, but according to this the study, 100% of healthcare organizations — more than any other industry sector — are collecting, storing and sharing sensitive data within digital transformation technologies while fewer than 38% are encrypting data within these environments.

One significant benefit of connected devices is the capability to collect and store a large volume of information, enabling doctors to access patient health data in real time and increasing the accuracy of diagnosis and spotting of trends. Unfortunately, data collection and storage can bring increased vulnerability around privacy and security. The range of possibilities for IoMT seems infinite, but to take advantage of them, the security of connected medical devices and related applications must be implemented thoughtfully to ensure data attacks and misuse are avoided.

While IoMT significantly improves healthcare, there are staggering numbers that indicate healthcare organizations are failing to implement good data security practices, putting themselves in danger of non-compliance and putting patients in danger of becoming victims of fraud. When sensitive patient data is compromised — intentionally or otherwise — medical records can be sold on the dark web for upwards of $1,000 per record, according to Experian. Unlike a credit card hack, where the bank can shut down the account and provide the consumer with a new credit card number, this healthcare data is out there for good – exhibiting a shelf-life longer than dried beans.

Where do we go from here?

As data breaches reach an epidemic level, Healthcare leaders do not need to choose whether or not to implement IoMT technologies within their business. Instead, they must be sure to check two things off their to-do list:

Partner with the right companies. Developers and the hospitals that implement these technologies must consider integrating key security features that protect the device and patient from encountering any malicious activity. Nowadays, every business is inclined to function as a technology company when it comes to implementing IoT and security. In a previous blog, we discovered that less than half, 48%, of companies could detect if any of their IoT devices have been breached. Breach detection and mitigation are especially crucial for the healthcare sector, because businesses must partner with the right security companies that can help ensure safe data storage, compliance and security protection features.

Meet security compliance regulations and educate patients. It is important for healthcare providers to not only confirm that their collection and use of data is HIPAA compliant but also ensure healthcare practitioners are explaining to patients the privacy issues and security risks that come along with IoMT devices. In addition, personal identifiable information is increasingly becoming a hot button for consumers at large. A prime example is California’s Consumer Privacy Act. Privacy will continue to be a focus for legislators over time, so it is imperative for healthcare organizations to understand regulatory mandates and compliance issues and how those impact their IoMT strategy.

The world of digital transformation is upon us, and our healthcare providers may need a shot in the arm to safeguard IoMT, because an apple a day won’t keep a data breach away.

All IoT Agenda network contributors are responsible for the content and accuracy of their posts. Opinions are of the writers and do not necessarily convey the thoughts of IoT Agenda.

Data Center
Data Management