It’s an exciting time in medicine. Technology is constantly making healthcare more accessible, more precise, and more convenient. For instance, IoT in healthcare can increase hospitals’ efficiency in many ways. But you should also be prepared for the risks it brings.
Benefits of IoT in Healthcare
First, let’s cover some benefits hospitals are already getting from IoT in healthcare. In other words, these are what may make the risks worth it.
Safety: Boston Medical Center gives newborns wristbands that allow a wireless network to locate them. If someone takes a baby too close to the exit without signing out, the elevators stop and the doors lock. They’ve also deployed IoT so that nurses receive critical alerts about patients’ medical conditions. This enables them to go help patients more quickly.
Automatically dispense medication: Many hospitals have begun to use wireless infusion pumps. Traditionally, doctors and nurses had to physically touch every infusion pump. This gets complicated when the hospital has hundreds of pumps to manage. Wireless infusion pumps allow staff to dispense and change medication through the wireless network, saving tons of time.
Improve patient experience: Florida Hospital Celebration Health tags patients coming in for surgery with real-time location system (RTLS) badges that track their progress throughout the entire process. Family can monitor the progress on a large monitor in the waiting room. (Patients are anonymous to comply with HIPAA privacy requirements.)
Manage staffing better: Hospitals can also use RTLS systems to analyze and optimize workflows, which helps organize staffing levels. This results in guaranteed on-time starts for surgeries, and minimizes increases to individual workloads when the hospital introduces new services.
IoT Healthcare Risks & Challenges
As with any internet-connected device, IoT healthcare devices are vulnerable. Unfortunately, though, IoT device manufacturers often don’t have security experts on staff. With healthcare, this is especially concerning because the risks are potentially life threatening.
For starters, many publications have already reported critical vulnerabilities with wireless infusion pumps. They can be infected by malware, but traditional malware protection could inhibit the pumps’ operation.
Then there’s the trend of keeping default credentials. In an article by Kristen Lee of TechTarget, Scott Erven tells an alarming story:
“There were two individuals in Austria in a hospital that were hooked up to an infusion pump and felt their pain management wasn’t under control. These pair went online, found service documentation, got the hard-coded service credentials to their infusion pumps, logged in and upped their doses. The overdoses caused respiratory problems… That isn’t something that requires advanced understanding or knowledge of a device.”
This goes beyond the threat of a malicious outsider—the patients themselves can also be a danger. Basic security hygiene can go a long way. An application inventory and a way to keep track of where all your data is are also important, as IoT can dramatically increase the number of devices on your network. We also recommend a least privilege approach.
Concluding Thoughts
While you will never be able to prevent all breaches, you should be able to take advantage of new technology to improve your organization. The balance of risk vs. reward will differ from place to place. But whatever risk you take on, it will help to know how to respond when the inevitable does happen—and it’ll happen even without all the new gadgets.
We happen to pride ourselves upon helping network & security pros manage both opportunity and risk. Healthcare organizations around the world have used our system, Scrutinizer, to reduce risk, optimize their networks, and prepare for expansion. Check out the free edition of Scrutinizer here.