Partner Perspectives  Connecting marketers to our tech communities.
SPONSORED BY
2/21/2018
09:00 AM
Chris Park
Chris Park
Partner Perspectives
0%
100%

Getting Started with IoT Security in Healthcare

There's a hazard that comes with introducing any new element into patient care whether it's a new drug or a connected device. These four steps will help keep patients safe.

It’s estimated that by 2025, more than 30 percent of all Internet of Things (IoT) devices will be dedicated to the realm of healthcare – more than in retail, transportation and the personal security sectors combined. Already today, practitioners are using IoT tech to conduct portable monitoring, enact electronic record keeping initiatives, and to apply drug safeguards – all efforts that are streamlining operations and delivering safer, more comprehensive care to patients.

Through 2018, the healthcare industry is expected to save more than $100 billion in operating costs thanks to connected devices. But operational expediency is only part of the larger story of how IoT tech is having such a huge impact on this industry.

There’s a hazard that comes with introducing any new element into patient care whether that’s a new drug or a connected device. Consequently, caregivers need to view new technologies through the same lens they do with the medicines or techniques they adopt by only changing methods and tools once they’ve been vetted and assured to actual deliver a benefit to patients.

But it’s a bit more complicated where healthcare IoT is involved since it’s not just the ability of these devices to operate effectively that’s a concern for patients and doctors. There are also serious questions around how secure these IoT tools are from outside threats, threats that could jeopardize patients’ wellbeing and personal security.

Here are four steps security teams can follow before introducing IoT devices onto their healthcare networks.

Step 1: Decide whether you want devices to use the same connectivity of the larger healthcare network, or if it makes sense to architect and manage a dedicated IoT network to support these new technologies. Depending on the scope of the existing network, it may be preferable to task a separate IT team with managing the IoT network, leveraging dedicated secure web gateways and defenses to parse the “high-volume” traffic that characterize IoT communications.

Step 2: Before introducing a device onto the network, teams should ensure that they are installing a two-factor authentication system, which is a standard for meeting HIPAA compliance as well as a best practice in the realm of Health IT.

Step 3: Intensive encryption is a must for IoT, especially considering the spontaneous nature of IoT communications, in that a device could be at rest for long periods of time before suddenly "waking up" and sharing data with a beacon or sensor in transit. As we explained in a recent article on the topic, full disk encryption won’t cut because it doesn't protect data in motion. This leaves important data vulnerable to bad actors.

Step 4: While an inventory of all the IoT devices on the network is a must, teams would be wise to take it a step further by flavoring this list with greater context. As IoT adoption ramps up, security teams should be able to easily reference where data resides in a "data bible," or "data dictionary" showing where data originates, where it travels and the transmission capabilities of each device.

Healthcare IoT can be transformative in seemingly endless ways, from automating mundane tasks to simplifying the most complicated ones. But these tools are only as useful as they are secure, and implementing best practices on day one is the smoothest path to reaping IoT’s rewards. 

Chris Park brings more than 13 years of experience in corporate network security to his position as CIO at iboss, where he is responsible for creating and driving the company's IT strategy. As resident expert in all aspects of iboss solutions and infrastructure, Chris is ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
'PowerSnitch' Hacks Androids via Power Banks
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/8/2018
Higher Education: 15 Books to Help Cybersecurity Pros Be Better
Curtis Franklin Jr., Senior Editor at Dark Reading,  12/12/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
10 Best Practices That Could Reshape Your IT Security Department
This Dark Reading Tech Digest, explores ten best practices that could reshape IT security departments.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-6705
PUBLISHED: 2018-12-12
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.
CVE-2018-15717
PUBLISHED: 2018-12-12
Open Dental before version 18.4 stores user passwords as base64 encoded MD5 hashes.
CVE-2018-15718
PUBLISHED: 2018-12-12
Open Dental before version 18.4 transmits the entire user database over the network when a remote unathenticated user accesses the command prompt. This allows the attacker to gain access to usernames, password hashes, privilege levels, and more.
CVE-2018-15719
PUBLISHED: 2018-12-12
Open Dental before version 18.4 installs a mysql database and uses the default credentials of "root" with a blank password. This allows anyone on the network with access to the server to access all database information.
CVE-2018-6704
PUBLISHED: 2018-12-12
Privilege escalation vulnerability in McAfee Agent (MA) for Linux 5.0.0 through 5.0.6, 5.5.0, and 5.5.1 allows local users to perform arbitrary command execution via specific conditions.