Your Plan for Taking Internet Connected Medical Devices Off Life Support
Health care professionals are at a crossroads, trying to balance the use of disruptive technology trends such as cloud computing and the Internet of Things (IoT) to improve the way they care for patients against the need to keep sensitive healthcare data secure.
Adoption of cloud technology in healthcare doubled last year, with the average healthcare organization using more than 900 cloud services and the average healthcare employee using 28 cloud services during the course of their day. However, only 7 percent of these cloud services meet enterprise security and compliance requirements.
The prognosis? The rapid digitalization of consumers’ lives and records will cause the cost of data breaches to reach $2 trillion by 2019, according to Jupiter Research.
This isn’t a new issue for healthcare. IBM called 2015 “the year of the healthcare breach”, and these issues still cause healthcare organizations to lose nearly $6 billion every year, with no end in sight. More than 30 percent of all reported data breaches in 2017 originated in the healthcare industry, exposing millions of individuals’ records in the process.
A new survey from Deloitte & Touche shows health care professionals haven’t found the prescription to solve this malady quite yet: internet-connected medical devices are a major concern, with few feeling adequately prepared for the cybersecurity risks the devices bring. The survey found fewer than 20% of respondents felt “very prepared” to address issues such as litigation, internal investigations, and regulatory matters that derive from medical device cybersecurity incidents. Additionally, more than 30% of respondents said identifying and mitigating the risks of fielded and legacy medical devices is the biggest cybersecurity challenge the industry faces. Vulnerable connected devices include common equipment such as pacemakers, MRI scanners, and infusion systems.
Always-on connectivity holds great promise for healthcare, as doctors are increasingly relying on mobile apps, wearable devices, and tablet computing to provide higher quality care to patients. While that would make Hippocrates proud, it is leading healthcare IT teams down a dangerous road. All devices are connected to the Internet, and the industries producing these wearable devices and embedded systems are even less capable of patching their software to plug security gaps.
There are too many cooks in the kitchen – three, to be precise – when it comes to the manufacturing and selling of these systems.
1. Specialized computer chip makers (e.g. Broadcom and Qualcomm)
2. System manufacturers (e.g. Original Device Manufacturers)
3. Brand-name companies selling to us (e.g. Fitbit and Apple)
Layer 1 is busy making the next chip, while Layer 2 is upgrading its product to work with the next chip. Maintaining older chips and products isn’t a priority. Even if you have a brand new Fitbit, chances are the software components are four to five years old. The result is that hundreds of millions of devices are sitting on the Internet, unpatched and insecure. Hackers know this, and they’re starting to attack.
Lawmakers and regulators are trying to pressure these companies to strengthen the security of IoT devices. The U.S. Food and Drug Administration issued guidance covering cybersecurity for networked medical devices in December 2017, and a bipartisan group of senators introduced a bill earlier this month that would set security standards for IoT devices.
As we’ve seen, legislation and regulation take time to go into effect. Hackers aren’t waiting, and neither should you. How can you start to close the gap on the security of your data in the midst of these burgeoning trends now?
First and foremost, you need to understand what’s critical to your business through a vulnerability assessment. A vulnerability assessment isn’t an opportunity to play the blame game. It’s an audit of what you have today in order to plan for a more secure tomorrow.
After you complete the vulnerability assessment, it’s time to protect your data, detect breaches, and respond to threats quickly.
Protect your data: Encrypt your sensitive data and consider placing it in a secure cloud, which should act like a vault to keep people out and a prison should they ever get in.
Detect any breach – fast: Most data breaches go undetected for an average of 210 days. Look for technology (or a team) that will guard your data 24/7 and detect breaches as soon as possible.
Respond to any threat: An immediate response is critical to prevent data exfiltration and damage to your brand reputation.
With US Cloud, you can safeguard your network and cloud to protect your healthcare organization from emerging cyber threats. From penetration testing and vulnerability assessments to managed security plans, hyper secure cloud and next-generation security tools, US Cloud has you covered.