Security and privacy are incredibly important topics when we talk healthcare because the data being collected and exchanged is so intimate and personal. That is why for this column I am going to take a closer look at the hurdles of facing the aging-in-place issues over data and device security, as well as privacy.
It’s no surprise that many people are finding themselves asking the question, how much risk are we talking about when we discuss IoT (Internet of Things) healthcare solutions? Candidly, from the reports that I have reviewed these concerns are not overblown. Cybersecurity is a major issue in healthcare, and it seems to continue to be trending downward.
McAfee Labs’ research even supports this finding. Its report indicates healthcare has experienced a 211% increase in disclosed security incidents last year. In analyzing the research, McAfee actually cataloged 478 new cyber threats every minute and, on average, that means there are eight new threat samples per second. That is a stunning statistic.
Healthcare appears to have been a prime target during the last quarter of 2017. And here’s why. McAfee’s threat research analysts actually put on their white hats and looked into possible attack vectors related to healthcare data. These analysts were able to unearth sensitive images that allowed them to reconstruct patients’ body parts and even print three-dimensional models of them.
Cybercriminals continue to prove that they are brilliant at attacking our cyber walls, and they’re willing to adapt in order to outsmart the systems we’re putting in place to protect ourselves, our businesses, and our data.
But going any further, the healthcare space needs to protect itself against these threats. Let’s look at the medical-device security segment.
Common connected-medical devices include infusion pumps, which deliver fluids, including medications, to a patient’s body; imaging systems like X-Ray, ultrasound, and MRI machines; and patient monitors, to list just a few.
Connected-medical devices are being used in hospitals, nursing homes, and other care facilities, as well as in patients’ homes.
When we delve into the types of security issues the space is having with connected-medical devices, research from Zingbox shows that the most common problems are actually: 1) user practice issues, and 2) outdated software.
The reason for highlighting this reality is because it’s important to realize that even though cybercriminals are cunning, the most common threats to medical device security are actually preventable.
End users are making mistakes and/or not being diligent about updating their operating systems, nixing obsolete applications, and patching firmware when presented with the opportunity.
So as much as it’s easy to blame the bad guys for the surge in healthcare-related security incidents we all witnessed last year, the fact remains some of the onus has to be placed internally on what companies and employees and not doing that’s leaving the door wide open.
On the organizational level, businesses and organizations need to do everything they can to comply with industry best practices regarding security. They also need to stay on top of evolving threats and address known vulnerabilities in medical software as soon as possible.
This is, of course, easier said than done. If it was simple, we wouldn’t still be writing all about it, would we? Not to mentioned hearing about all the horrible horror stories that continue to be released.
There is another key point that needs to be addressed. America is aging. And a vast majority of retirement-age individuals want to stay in their homes as long as possible. Connected-medical devices and other IoT-enabled technologies are going to make this happen for them.
We will all learn some very painful lesson before about the importance of security and privacy before this is all said and done.
Almost everybody values privacy, and this is particularly true for older adults. For instance, research from AARP says Internet users of all ages express high levels of concern about data privacy and security. However, people 50 and older are more likely to say they’re “very concerned” about it.
And, as I have outlined in this column many time before, some of the biggest vulnerabilities are actually just oversights on the part of the end user, whether that’s a hospital, a physician, or a patient. Password creation is still a big problem for consumers who are using things like “abc” and “123” and thinking that’ll be good enough to protect their devices.
Older adults are much more likely to find the password-creation process frustrating and overwhelming, putting this demographic at greater risk, generally speaking.
We all know what needs to be done on an organizational level, but how about on an individual level? Frankly, we need to make sure end users are educated about how to protect themselves from vulnerabilities to the best of their ability; whether we are talking about the young at heart or the tech savvy individual; and this is especially true for adults who are using connected-medical devices and other connected devices and systems in their homes to help them stay safe.
We all are painfully aware that talking about cybersecurity can seem foreboding. In fact, I might even be pushing a bunch of doom and gloom on anyone who is reading this blog. But make no mistake, if you do not take this serious enough you just might be the next person or company to say, ‘Darn it, I should have just taken the time when I was reading her blog.’
It is very true that every time we see a lot of great progress in terms of IoT innovation or adoption, we also tend to see a surge in cybersecurity risk and it seems like we can’t have one without the other.
However, as long as we keep talking about the threats and refusing to let our guard down, there’s no reason the risk needs to slow progress in healthcare or aging in place. As I always say, ‘With great technology, comes great responsibility.’ Let’s just put the control back into our hands and leave the bad guys to focus on each other instead.
Want to tweet about this article? Use hashtags #M2M #IoT #healthcare #blockchain #security #data #cybersecurity #cyberattack #AI #analytics #machinelearning #bigdata