Patient safety at risk from insecure Internet of Things devices

Irdeto research reveals health sector lacks the resources and expertise to tackle cyber security threat posed by connected devices

Are Internet of Things-connected devices as safe as they can be from cyber criminals?

Use of the Internet of Things (IoT) is booming, with IHS Markit forecasting there will be 73 billion connected devices in use around the world by 2025.

And, in recent years, and even moths, IoT technology has moved beyond speakers and smart fridges and is increasingly being utilised for critical applications across the healthcare industry, like insulin delivery devices, connected inhalers, and even cancer treatments.

However, a report from digital platform security specialist, Irdeto, reveals the healthcare sector is severely lacking the resources to tackle a growing cyber security threat, and consequently patient safety could be at risk.

Healthcare organisations often don’t have the expertise internally to ensure the connected devices they are using within their organisations are secure

The company’s latest research – which surveyed security decision-makers at global healthcare organisations to gauge perceptions of IoT security – found that 82% of organisations experienced an IoT-focused cyber attack in the last 12 months; and nearly a third of those reported compromised end-user safety as a result.

The report also revealed that only 6% of healthcare organisations have everything they need to tackle IoT cyber security challenges, with an urgent requirement for increased skills and more budget for security identified.

IoT devices are often targeted by cyber criminals as they are much easier to compromise than businesses’ more-sophisticated perimeter cyber defences.

“The problem is that growth in the use of IoT has far outstripped the increase in trained professionals emerging”, said Steeve Huin, vice president of strategic partnerships, business development and marketing at Irdeto.

“As a result, healthcare organisations often don’t have the expertise internally to ensure the connected devices they are using within their organisations are secure.

Findings from the report revealed:

  • 90% of those hit by IoT-focused cyber attacks experienced an impact, the most common of which was operational downtime (43%). Also noticeable is that 30% of attacks compromised end-user safety
  • 96% believe their organisation has some form of cyber security vulnerability, with 42% identifying IoT devices as the biggest threat; and a quarter of healthcare organisations identifying their greatest cyber security weakness as their own employees
  • 98% of all healthcare organisations believe the cyber security of IoT devices could be improved
  • Over one in four manufacturers of IoT devices for healthcare only update the security of devices they manufacture while they are in warranty. One in five leave it to the customer to install updates

Huin adds: “IoT cyberattacks will continue to be prevalent as use of IoT devices grows.

Manufacturers have a greater responsibility when dealing with potentially-critical IoT in healthcare, and thus need to move away from the traditional ‘build, ship and forget’ mindset and incorporate multiple layers of security into the devices they manufacture

“However, as they are increasingly used in mission-critical scenarios in industries like healthcare, the impact of operational downtime and compromises to end-user safety become far greater than just a financial cost.

“Securing each and every potential ‘entry point’ is critical to ensure the integrity of a business’ network as a whole.

“Manufacturers have a greater responsibility when dealing with potentially-critical IoT in healthcare, and thus need to move away from the traditional ‘build, ship and forget’ mindset and incorporate multiple layers of security into the devices they manufacture.

“The consequences of failing to properly secure healthcare IoT devices are real, and need to be taken seriously.”

Companies