Cyber-attacks in the healthcare industry are on the rise, as medical data are far more valuable than credit card fraud or other online scams. Medical information contains everything from a patient’s medical history to medical prescriptions, and hackers are able to access this data via network-connected medical devices as a result of the Internet of Medical Things (IoMT).
The Internet of Medical Things (IoMT) is a collection of medical devices and applications that connect to healthcare IT systems through online computer networks. These include medical devices equipped with Wi-Fi that allow machine-to-machine communication. The rise of the IoMT, while opening doors to both improved processes and patient care, has resulted in an increased number of vulnerabilities.
Healthcare IT security teams in India must be prepared to face possible cyber-attacks on connected medical devices in healthcare facilities, as well as home health devices. These devices have not been designed with security as a top-of-mind concern since developers are primarily focused on functionality and ease of use.
According to Allied Market Research, the global Internet of Things (IoT) healthcare market is expected to reach US$136.8 billion by 2021, registering a CAGR of 12.5 percent between 2015 and 2021, driven by easy availability of wearable smart devices and decreasing cost of sensor technology.
“The massive influx of connected devices into the healthcare industry has expanded the surface area for possible cyber-attacks. Many healthcare institutions lack adequate security capabilities. The combination of these two factors equates to an “easy win” in the eyes of cybercriminals,” said Rajesh Maurya, Regional Vice President, India & SAARC at Fortinet.
Researchers at Fortinet offer the following strategies for healthcare organizations across APAC to prepare against imminent IoMT cyber-threats:
Maintain Good Network Hygiene
Ensure the security posture is up to date with prevention and detection measures, and develop and maintain good network hygiene, which includes systematic patching and updating of vulnerable systems and replacing outdated technologies that are no longer supported.
Implement Internal Segmentation Firewall (ISFW)
CISOs in healthcare organizations need to implement internal segmentation firewalls (ISFWs) because the network landscape is wide open and flat. ISFWs operate inside the network instead of at the edge, allowing healthcare organizations to intelligently segment networks between patients, administrators, healthcare professionals and guests. An ISFW can also distinguish between types of devices, for example between a patient information system and a life-saving heart monitor or infusion pump. It can then prioritize the interconnected medical devices that need the highest degrees of protection and monitoring, and inspect and monitor all traffic moving between segments, all without impacting performance.
Establish a Dedicated Team
A dedicated team should be put in place to uncover the latest threat intelligence so that real-time threat and mitigation updates can be made expeditiously, before cybercriminals take advantage of any weaknesses in connected IoT devices or the critical services they provide.
“Cyber-attacks will continue to be a threat for healthcare providers, and likely in greater volumes going forward. The resulting overall downtime, incident response and legal fees, as well as long-term reputational damage can cost hospitals millions and keep them from providing high-quality care to patients. The best course of action is to ensure every hospital has a robust, integrated security strategy that is designed to detect and mitigate cyber-attacks in real-time,” concluded Rajesh Maurya.