By Steeve Huin, vice president of strategic partnerships, business development and marketing, Irdeto.
The Internet of Things (IoT) market is booming, with IHS Markit forecasting there will be 73 billion connected devices in use around the world by 2025. IoT technology has moved beyond speakers and smart fridges and is increasingly being utilized for critical applications across the healthcare industry, such as pacemakers, insulin and infusion pumps and medical imaging systems.
This Internet of Medical Things (IoMT) is subsequently opening up a new world of possibilities to improve upon patient care, while also improving operational productivity and effectiveness. However, as the proliferation of connected and complex medical devices grows, healthcare providers are more susceptible to cyberattacks.
The key challenge is that cyber criminals often operate as businesses themselves and will focus on targets that will provide the greatest return on their hacking investment. Therefore, as the healthcare sector becomes increasingly connected, we could see an extremely costly impact of IoT-focused cyberattacks, if security is not prioritized. Insecure devices, and potentially companion apps, present a variety of risks to safety and privacy in a critical industry such as healthcare.
The IoMT Threat Landscape
Unfortunately, cyberattacks are already an all too common reality for many organizations in the healthcare space. A recent survey by Irdeto of security decision makers in the healthcare, transport and manufacturing sectors, found that 82% of healthcare organizations have experienced an IoT-focused cyberattack in the past year, with 30% of attacks resulting in compromised end-user safety.
IoT devices are often targeted by cybercriminals as they are much easier to compromise than businesses’ more sophisticated perimeter cyber defenses. The problem is that growth in the use of IoT has far outstripped the increase in trained professionals emerging. As a result, healthcare organizations often don’t have the expertise internally to ensure the connected devices they are using within their organizations are secure.
The research also emphasized this point, revealing that only 6% of healthcare organizations have everything they need to tackle IoT cybersecurity challenges, with an urgent requirement for increased skills and more budget for security identified. In addition, the research found that 98% of respondents in healthcare organizations believe the cybersecurity of IoT devices could be improved and one in four manufacturers of IoT devices for healthcare only update the security of devices they manufacture while they are in warranty.
These alarming findings, combined with reported cyber incidents to critical connected devices in the last few years, make for worrying reading. For example, in the last two years we have seen pacemakers recalled to install a critical patch to update firmware against cybersecurity issues, as well as cybersecurity warnings for insulin pumps from the FDA and Health Canada.