THE IT SECURITY PROFESSIONAL |
Barlowtek
The It security Pro
Helping Organizations Understand IT Security
&
Best Practices
IT Security Challenges AheadWhen you think, of the Internet of Things (IoT) most of us that think about our connected smart-homes and devices such as Google Home and Alexa and all of the assorted devices they are able to control. While this is a large market for these such devices, this is not the only place they are making an impact. It is precisely the area of healthcare that most of us will be impacted by the use of IoT. Connected Healthcare If you enter a hospital these days, it is like you are walking into a futuristic sci-fi fantasy world. It’s where you have connected devices that are able to share and transmit data to the providers in a way that makes the information actionable. This all helps the level of healthcare that can be provided to the patient. Being connected to all of those sensors and equipment, you have to ask about the security of them. Who has access to the data? How will the information be stored? Either way you look at it, security needs to be well thought out. Benefits of IoT Several benefits also come with the adoption of IoT, with some of them being the following:
Inherent Risks Several specific issues arise from the adoption of IoT technology within the healthcare industry. The biggest of these issues is being the security of the devices and the networks in which they connect to. This connectivity to the Internet can pose a risk to the use of the device. The security protocols that are used for IoT devices may not be as robust as they are for the corporate network (which is what most IoT devices are connected to) versus a segmented network that allows for restricted access controls. The connectivity poses risks in that the devices could be accessed from outside the network due to lax security controls on the device itself. Attackers are looking for any chance to compromise a network, and an additional access point that an IoT device might give could provide this. Access to the device itself and the settings could pose a risk to a patient in that an attacker changing the settings may affect their personal health by causing adverse health effects. Security Controls Needed
While IoT devices connect to the Internet utilize the current protocols, there should be additional controls that are established that help to prevent the data that is stored on the devices themselves from being compromised. Patient information is already protected by HIPAA (Health Insurance Portability Accountability Act), but additional controls or standards should be outlined for the use of IoT devices within a healthcare environment:
Security is Coming While there is a growing need for security protocols and practices to follow, the IoT market has been slow to adopt them due to the need to get devices out to market. This has prevented some devices from including security protocols at all. When IoT devices are connected to a network they are in a mode that will allow them to connect to any sort of network and may even have the default password set (some will let you change this through an internal device portal) but this is usually known to all those that purchase the devices from the manufacturer. Security protocols and procedures need to be developed that protect the patient and the sensitive data that the device might collect on them. This has to be implemented by both the healthcare provider and the industry as a whole. Either the industry creates and implements their own guidelines or the government will mandate it through other mechanisms or regulations. Either way, security will be coming to the IoT industry that provides healthcare devices. Summary All of these areas can hamper the adoption of the use of IoT devices within the healthcare industry which effects the patient and care they are given. It is also important that this particular part of the IoT industry that is focused on the healthcare market look for ways to make their devices more secure than those that are used in the home. Dealing with a patient’s personal and sensitive data requires those devices that collect it to be more secured than those do that just process it.
0 Comments
|
IT Security ProSecuring the future one byte at a time! Mr. Barlow is here, staying ahead of the curve in Information Security Leadership. Ready to help your company stay safe and secure. Categories
All
Archives
January 2023
|