Article written by Micro Focus

The era of Internet of Medical Things (IoMT) is only beginning and with the novel coronavirus pandemic on the verge of a second wave, reliance on such devices will increase. Unfortunately, such an expansive landscape of insecure internet-connected systems collecting sensitive personal information along with access to internal networks is a target for hackers. Since May of this year, cybercrime in the healthcare sector has increased 300% from the previous year.

The Benefits of Technology in Healthcare

Imagine a world where a patient’s fitness routine and daily habits are seamlessly transferred to their healthcare provider prior to an appointment. That data would then be combined with historical data, information collected during medical exams, hospital visits, blood test results, etc. in near-real time to provide an accurate diagnosis of the patient’s current health and flag anything requiring further analysis.

Or imagine a code blue alert due to low blood pressure versus a cardiac arrest, the valuable minutes that would normally be lost during triage can be dedicated to stabilizing the patient. These are a few examples of why internet-connected devices are invaluable to the healthcare industry.

Increased efficiency and accuracy can be delivered through technology like real-time monitoring, smart pills, smart home care, or robotics additional uses.[1] The IoT healthcare market is expected to grow to $188.2 billion by 2025[2], which represents hundreds of millions to billions of devices that will communicate with one another (including life support systems), big data analytics platforms and the cloud.

What About the Risks?

The era of Internet of Medical Things (IoMT) is only beginning and with the novel coronavirus pandemic on the verge of a second wave, reliance on such devices will increase. Unfortunately, such an expansive landscape of insecure internet-connected systems collecting sensitive personal information along with access to internal networks is a target for hackers. Since May of this year, cybercrime in the healthcare sector has increased 300% from the previous year.[3]

The purpose of these attacks is to steal personal health information, COVID-19 vaccine research and development, to move laterally within the network, and gain further data and access. The below list provides an overview of some of the key risks in IoMT:

• Legacy firmware and operating systems – Availability is a priority within the IoMT space, leaving minimal time to upgrade firmware and operating systems. Beyond just availability, updates are not considered a critical requirement by OEMs.
• Insecure applications running on IoMT sensors – Though OEMs may follow Agile or DevOps methodologies, security isn’t included in the process resulting in vulnerable code running on medical devices.
• Provides access to internal network/systems – IoMT devices are connected to internal networks resulting in areas of weakness that will allow for threats to bypass healthcare network security controls.
• Collecting sensitive health data – Insecure IoMT devices may collect or process personal health information that could be used for blackmail or sold on the black market. With Healthcare having the highest cost of any industry ($7.13 million),[4] there is a significant risk if a breach were to occur.

How can IoMT be Secured?

In order to address these risks, it helps to bring healthcare practitioners and cybersecurity experts together to understand the issues that they are facing and agree to what is needed. In the past, cybersecurity professionals have focused on Confidentiality, Integrity, and then Availability, the core information security principles according to ISC2. When it comes to IoT Availability and Integrity are the most crucial.

If we do not look at all the devices from an Enterprise Architecture point of view, we will be myopic in our focus. When analyzing the environment, it is important to not only know what device is on the network, but the configuration of the device and the data it is sending. Here are key steps to securing IoMT:

This is a high-level summary of how to protect and secure IoMT sensor as well as the associated healthcare systems and networks. With the current pandemic and the associated reliance on the healthcare system, it is very important to protect and monitor for risks in this environment.

Micro Focus provides security solutions and services direct and through our partners to ensure that healthcare organizations are resilient in the face of digital adversity. Our offerings span DevSecOps, behavioral and security analytics, access controls and data security to focus on what matters most. Let us help you intelligently adapt your security. Protect. Detect. Evolve.

[1] https://www.i-scoop.eu/internet-of-things-guide/internet-things-healthcare/
[2] https://www.techrepublic.com/article/2025-forecast-global-iot-looks-good-a-188-2-billion-opportunity/
[3] https://www.bloomberg.com/news/articles/2020-07-16/covid-cold-war-flares-up-with-claims-of-russian-vaccine-hack
[4] https://whitepapers.theregister.com/paper/view/9773/ponemon-report-2020-cost-of-a-data-breach-report