Hospitals and other critical healthcare systems face skyrocketing risks as ransomware attacks, which most commonly target IoT devices, continue to escalate. In 2021 alone, IoT ransomware attack incidents targeting healthcare organizations increased by 123%.
While most healthcare systems have a healthy respect for the importance of securing the myriad Internet of Medical Things (IoMT) devices humming within their facilities, many harbor misconceptions that hamper their abilities to implement optimal IoMT security protections and best practices. These misconceptions, and the stark realities that healthcare organizations should instead recognize and base their practices upon, include:
Healthcare systems too often make the mistake of believing that all device security is the same, and that the protections they have in place for standard IT devices, such as servers and laptops, can also effectively protect IoMT devices.
Traditional IT security cannot reliably secure IoMT devices for a number of reasons. First, many traditional security tools leverage active scanning to detect threats. But a high percentage of IoMT devices can’t withstand active scans and will crash, potentially impacting patient health. Tools designed to secure traditional devices are also unlikely to reliably detect and inventory IoMT devices, and cannot protect what they don’t know is there. Such approaches also lack any ability to assess or contextualize risks associated with non-connected IoMT devices.
The better approach is enlisting a security strategy intended for the task at hand. Effective security will leverage IoMT-specific data, frameworks, and MDS2 manufacturer disclosure statements to recognize and mitigate known vulnerabilities. IoMT security also requires a thorough understanding of each device’s connections and surrounding ecosystem: these details are essential to determining whether IoMT device vulnerabilities represent real threats that actually need to be addressed.
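As an added illustration (not code from the article or from any vendor), the sketch below builds a device inventory purely from passively observed flows and then rates each known vulnerability by how the affected port is actually reached. The addresses, the clinical network range, the vulnerability labels and the rating names are all assumptions made for the example.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Constructed passive observations (src_ip, dst_ip, dst_port), as a TAP/SPAN
# sensor would record them. Nothing is ever sent to the devices themselves.
FLOWS = [
    ("10.20.1.15", "10.20.1.40", 104),   # imaging modality -> PACS (DICOM)
    ("10.20.1.15", "10.20.1.40", 104),
    ("10.20.2.7", "10.20.1.50", 2575),   # pump gateway -> interface engine (HL7 MLLP)
    ("10.99.3.8", "10.20.1.15", 23),     # host outside the clinical net -> modality
]
# Assumptions for the example: the clinical segment and per-device known issues.
CLINICAL_NET = ip_network("10.20.0.0/16")
KNOWN_VULNS = {
    "10.20.1.15": [("unauthenticated telnet service", 23)],
    "10.20.1.40": [("outdated web console", 8443)],
}

def build_inventory(flows):
    """Map each observed device to the ports it serves and the peers using them."""
    inv = defaultdict(lambda: {"serves": defaultdict(set), "talks_to": set()})
    for src, dst, port in flows:
        inv[dst]["serves"][port].add(src)
        inv[src]["talks_to"].add(dst)
    return inv

def contextualize(inv, vulns, trusted_net):
    """Rate every known vulnerability by the traffic seen on its port."""
    findings = []
    for ip, items in vulns.items():
        for name, port in items:
            peers = inv[ip]["serves"].get(port, set()) if ip in inv else set()
            outside = sorted(p for p in peers if ip_address(p) not in trusted_net)
            if outside:
                rating = "exposed"             # reached from outside the segment
            elif peers:
                rating = "reachable-internal"  # used, but only by clinical peers
            else:
                rating = "not-observed"        # no traffic seen; not proof of safety
            findings.append((ip, name, rating, outside))
    return findings

if __name__ == "__main__":
    for finding in contextualize(build_inventory(FLOWS), KNOWN_VULNS, CLINICAL_NET):
        print(finding)
```
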
2) “Adding IoMT-specific security is beyond our budget.”
IT and security decision-makers within healthcare organizations are inherently budget-conscious, and need to be. However, the real potential for attacks to impact patient health and for security shortcomings to result in six- or seven-figure regulatory penalties strongly supports the argument that they can’t afford not to invest in IoMT security.
Much like in the healthcare industry itself, an ounce of IoMT security risk prevention is worth a pound of cure. And implementing effective IoMT security enables further cost controls by eliminating much of the existing spending needed to identify and fix device vulnerabilities (as well as vastly increasing efficiency by flagging the vulnerabilities that do and do not pose an actual risk). IoMT security insights can also enable more efficient device procurement, offering greater visibility for maximizing the ROI of a more comprehensive security strategy.
3) “Data collection for IoMT security purposes increases HIPAA violation risks.”
Certainly, healthcare systems must prioritize the security of protected health information (PHI) and adherence to HIPAA regulations. This doesn’t just protect patients, but also avoids both fines and reputational damage. To continually achieve compliance, IT and security teams carefully enforce data sharing restrictions upon any information transmitted to vendors or the cloud.
However, the notion that collecting data to inform secure IoMT practices raises the risks of violating HIPAA is false. IoMT security analysis focuses on network traffic data, which doesn’t include PHI data. Security safeguards can also apply filters that prevent transmission of PHI over the cloud, and the cloud itself can be made HIPAA compliant. Using a fully on-premise IoMT infrastructure can effectively prevent outside data transmission and risk as well.
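One way such a filter can work, shown as an added example rather than any product's implementation: an on-premise sensor exports only allowlisted, type-checked flow metadata and drops a record entirely if any field fails validation. The field names, the schema and the sample records (including the stand-in patient string) are constructed for the illustration.

```python
import re
from ipaddress import ip_address

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$")

def _is_ip(value):
    try:
        ip_address(value)
        return True
    except ValueError:
        return False

# Assumed export schema: field -> validator. Fields not listed never leave the site.
EXPORT_SCHEMA = {
    "ts": lambda v: isinstance(v, (int, float)) and not isinstance(v, bool),
    "src_mac": lambda v: isinstance(v, str) and bool(MAC_RE.match(v)),
    "src_ip": lambda v: isinstance(v, str) and _is_ip(v),
    "dst_ip": lambda v: isinstance(v, str) and _is_ip(v),
    "dst_port": lambda v: isinstance(v, int) and 0 < v < 65536,
    "proto": lambda v: v in ("tcp", "udp"),
    "bytes": lambda v: isinstance(v, int) and v >= 0,
}

# Constructed sensor records; "payload" stands in for PHI-bearing content.
CAPTURED = [
    {"ts": 1700000000.0, "src_mac": "00:11:22:33:44:55", "src_ip": "10.20.2.7",
     "dst_ip": "10.20.1.50", "dst_port": 2575, "proto": "tcp", "bytes": 412,
     "payload": "PID|1||000000^^^EXAMPLE||DOE^JANE||19700101|F"},
    # Malformed record: free text has ended up in a metadata field.
    {"ts": 1700000001.0, "src_mac": "00:11:22:33:44:66", "src_ip": "10.20.1.15",
     "dst_ip": "DOE^JANE", "dst_port": 104, "proto": "tcp", "bytes": 9000},
]

def to_export(record):
    """Return validated, allowlisted metadata, or None if any field fails."""
    out = {}
    for field, valid in EXPORT_SCHEMA.items():
        if field not in record or not valid(record[field]):
            return None  # fail closed: the whole record stays on-premise
        out[field] = record[field]
    return out

def export_batch(records):
    """Return (exportable records, number of records rejected)."""
    exported = [e for e in map(to_export, records) if e is not None]
    return exported, len(records) - len(exported)

if __name__ == "__main__":
    print(export_batch(CAPTURED))
```
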
4) “IoMT security deployments require months of effort.”
While deploying a new electronic health records system might take an organization a full year to complete, IoMT-specific security implementations are an entirely different path forward with a much swifter process. IoMT security enlists many cloud-based safeguards, which require none of the hardware procurement or lengthy production deployments that drag out implementations in other areas. IoMT security systems that do rely on edge devices can still be implemented in just hours. In general, there’s nothing overly cumbersome or drawn out about deploying IoMT-specific security.
The truth: IoMT-specific security is within reach.
If current trends continue as predicted, ransomware and other attacks on IoMT devices will only become more frequent. For healthcare systems, avoiding breaches that expose data and the business itself to costly fines and crushing reputational harm is crucial. Attackers would love for IT decision-makers to continue believing that the IoMT is far too complex and challenging to secure properly. Fortunately, the expense and difficulty of adopting highly effective IoMT-specific security measures aren’t nearly as daunting as the still-common misconceptions suggest.
About Dinesh Katiyar
Dinesh Katiyar is Head of Business Development at Asimily. His career in technology has included leadership roles at Glassbeam, SnapLogic, and Informatica, among others.