Medical technology is getting connected. Today, a growing number of devices used in healthcare are part of the Internet of Things (IoT) — the vast online network used to share information. Cybersecurity, however, is a significant challenge to the continued adoption of this technology. It’s crucial that medical device manufacturers make cybersecurity a priority.
Medical Applications of IoT
Using IoT technology, devices such as heart rate monitors, blood pressure monitors, glucometers and scales used at home can transmit health information directly to doctors. In hospitals, equipment such as defibrillators, pumps, and wheelchairs can be fitted with sensors so medical staff knows where they are at all times. Devices can be equipped with push buttons that send out calls for emergency medical help. Sensors can also monitor health equipment, helping ensure devices function properly and warning users about potential problems before they occur.
In the future, we may likely see IoT devices that are more integrated into the body. In a recent experiment, researchers implanted electrodes in paralyzed monkeys’ brains. The electrodes recorded electrical signals from the brain that would typically control movement. The electrode then sent the information to a computer that decoded it and sent it to electrodes placed in the animals’ lumbar spines. The electrodes stimulated the monkeys’ spinal cords, moving their legs according to the commands their brain sent.
While we’re not using these kinds of treatments yet, we may be someday relatively soon. The IoT is already making a substantial impact on health care, though, with current technology. IoT tech can increase the amount of data health professionals have about their patients, enabling them to offer more personalized care. It can also improve productivity and efficiency in healthcare facilities.
More data and an interconnected system for managing it means more information can be used to improve care. While the growth of IoT medical devices has many potential benefits, it also comes with risks, namely associated with cybersecurity.
Patient medical information is up to 10 times more valuable to hackers than financial data. Criminals can use this information to file fake claims with insurers and buy medical devices or medicine to resell.
While a single medical device likely doesn’t contain a patient’s full medical history, hackers can use them as gateways into the larger information system. The more devices there are on a network, the more chances criminals have to find a way in. Gaining access through an IoT device also provides some anonymity, because it allows the perpetrator to make requests using the IP address.
Hackers could also launch a denial-of-service attack in which they make IoT devices unavailable, potentially demanding a ransom to restore access. This represents a significant risk to patient safety.
The U.S. Food and Drug Administration (FDA) recently issued guidance warning the health care industry about security risks stemming from off-the-shelf software used with interconnected medical devices. The National Institute of Standards and Technology (NIST) also recently issued a report about managing cybersecurity risks from IoT devices, and the FBI recently issued a warning about the matter.
Cybersecurity issues related to IoT devices are clearly a serious concern, especially when it comes to medical devices.
How Manufacturers Can Improve Security
While health care facilities should also play a role, according to the FDA’s Quality System regulation, device manufacturers are the ones responsible for the security of their software. Cybersecurity should be a priority for all medical device manufacturers. Not only will focusing on security help them gain market share, but it’s also essential for patient safety.
The Importance of Security in Emergencies
There are hundreds of natural disasters every year, from hurricanes and tornadoes to earthquakes and tsunamis, that impact human life, killing hundreds of thousands of people. For most people in the path of a natural disaster, evacuation is the best option, but for healthcare facilities like hospitals, evacuation won’t work.
Natural disasters won’t stop people from needing medical care, but they do make it harder for patients to get to the hospital. That’s where investing in telehealth options can come in handy. Patients can still talk to their doctor, get medical advice and even receive prescriptions without needing to make the trip to a hospital. In order to protect patient security and provide access to health care, even in times of crisis.
Understanding How Customers Use Devices
One way medical device manufacturers can improve cybersecurity is to ensure they understand how their customers are using their products. It’s also helpful to understand the typical cybersecurity maturity level of their customers. They should check in with customers and update their use cases about once a year. This will help them keep up with changing needs and provide updates as necessary. Device manufacturers should also be prepared to hear concerns from customers that discover potential vulnerabilities.
Offering Improved Security Capabilities
Manufacturers can consider offering on-device security solutions as well as partnering with third-party cybersecurity vendors. This setup gives customers options depending on their preferences and security environment. Most customers will likely use out-of-the-box solutions, but some may prefer also using integrated aftermarket options.
Ensuring the software and hardware of your device have adequate security features can help protect against other potential vulnerabilities related to the use of default passwords, weak network security and other issues. Of course, device manufacturers need to ensure any third-party cybersecurity vendors they work with are trusted and capable of providing the required level of security.
Meeting Quality Assurance Thresholds
Medical device manufacturers also need to make sure their devices are free of known vulnerabilities and meet quality assurance thresholds. Penetration testing and vulnerability scanning, either through third parties or internally, can help in this area. Manufacturers need to use a methodical approach to identifying and removing vulnerabilities.
Conducting Continuous Testing
It’s also important that manufacturers continuously conduct testing of their devices’ cybersecurity aspects and provide updates as needed. This includes software and firmware updates, as well as upgrades for features and functionalities for out-of-the-box and after-market solutions.
The Benefits of Improved Medical Device Security
Improving the security of medical IoT devices will have benefits for device manufacturers, health care companies and patients. Device manufacturers will improve their products and, as a result, sell more of them. This increased revenue will allow them to invest more in improving their offerings further and developing new technologies.
Improving the security of IoT will also reduce risks for health care organizations by making it more difficult for hackers to steal data. Patients will also be exposed to less risk and will receive safer care.
The IoT health care market is growing rapidly and is expected to reach $136.8 billion worldwide by 2021. Despite this growth, medical device manufacturers are still facing some significant challenges, and perhaps, the most prominent is cybersecurity. The age of IoT is already here. It’s up to medical device manufacturers, as well as health care organizations, to put the necessary focus on cybersecurity.