Perhaps one of the biggest technological developments of the 21st century so far is the Internet of Things (IoT). With already-widespread and growing use, more and more industries are finding a role for these systems in everyday operations. Healthcare is no exception, and within the broader market, the mid-market healthcare business is even less an exception. Yet despite all the value that IoT has, it does have a few problems of its own. The biggest of these is security, and the more we understand about this potential threat, the better we can do to protect ourselves and our systems against it.
What Risks Does the Internet of Things Present?
Like any truly revolutionary and powerful tool, IoT does present risks along with its benefits.
Poor channel management
With a growing number of devices entering hospitals, -- some by channels like the Bring Your Own Device (BYOD) protocol -- there are a lot of ways to get unauthorized devices into a room. This means more potential failure points for security.
Some devices represent security failings by themselves. Between devices that have no standard controls—no passwords or encryption—and devices that are themselves glitched and easily broken into, it's another potential problem for IoT and security. Viruses can be brought in with these devices, which may gain access to the wider network, setting up potential access for hackers later via trojans. A range of other problems can also be caused.
What are the Potential Repercussions of Exposure Caused by Internet of Things Devices?
The Health Insurance Portability and Accountability Act (HIPAA) represents one of the main sources of guidance for healthcare operations, including the mid-market ones. And the potential penalties involved in HIPAA violations can be substantial, ranging from $100 to $50,000 per violation, and increase from there. In some cases, HIPAA violations can include jail time as a potential consequence, so protecting data to avoid HIPAA violations becomes that much more important.
Civil suits or criminal action
Two patients in an Austrian hospital took advantage of weaknesses in an infusion pump that controlled the doses of painkiller they received after reading up on it online. The two were then able to control the amount of painkiller introduced into their bloodstreams, and increased the dose accordingly. The result was an overdose that ultimately caused respiratory problems. Had either patient died as a result, the effects would be catastrophic for not only the healthcare provider, but also for the surviving families.
How Can the Risks of IoT be Prevented?
Harden the endpoints
Many IoT endpoints are simple devices. Commonly, they're sensors with a modem, radio, or similar communications measure included to transmit the data generated by the sensors. Making these more secure helps prevent hackers from using the endpoints as a springboard to access the wider network.
IoT devices are often widely scattered so as to get the broadest range of data. This also increases their risk of being hacked since they're often out of sight of authorities. Place cameras near any IoT device, or keep them in line-of-sight of human staff to help ensure their safety.
Create a “data dictionary.”
When you know what devices should be on the network, it becomes much easier to spot which ones shouldn't. A “data dictionary” knows where the data should be, what devices should be able to access it, and several other key factors that help spot problems before they start. The more you know about the data you have, the more likely you are to know when it's somewhere it shouldn't be, or if someone who shouldn't be seeing it is.
How Can a Mid-Market Healthcare Business Better Secure Its Network in General?
One of the biggest risks the IoT presents is that it can be used as a means to gain access to the wider network. So protecting the wider network can be helpful here too.
Build in encryption
Most network security focuses on perimeter defense, trying to keep unauthorized users out of the network and the information contained therein. Instead of focusing on the outer defenses, consider encrypting data so as to make any data actually stolen much less useful to those who don't have the necessary encryption key.
Practice basic “security hygiene.”
Some points of network defense are universal.
- Limit device access
- Carry out updates as required
- Focus on strong passwords
- Provide regular employee training about security risks like phishing attacks caused by opening certain email attachments or following links from an email or instant message.
These basics help reinforce a system by preventing many common points of access being exploited by hackers and others.
Use a “secure boot.”
In a secure boot, when a device is turned on, the full range of the device's options don't activate until it's made clear than no configurations have been modified. If no
modifications have taken place, the chances of a hack in progress are much less.
Have a dedicated data security team
It's tempting to push this function off onto the IT department in general—it's a cost savings to use what's already there—but data security, especially for mid-market healthcare firms, is too vital to leave to a department that's already got several functions to address.
How Should a Business Get Started Protecting against Internet of Things Risks?
Value in IoT is easy to see—from sensors to general information relays—but the potential for disaster is also easy to see. To better protect against the risks this powerful new system poses, start by talking to us at UTG. We have systems in place that not only make information readily available, but also protect the privacy of the patients connected to that information. We can do it all in a fashion that's HIPAA-compliant, so you'll be ready on every front. Just drop us a line and let us help you get started.