What Are the Main Cybersecurity Challenges in Using IoT in Healthcare?
The use of Internet of Things (IoT) in healthcare poses cybersecurity concerns such as insufficient device security controls and increased attack surface.
What is IoT in Healthcare?
Often referred to as Internet of Medical Things (IoMT), IoT in healthcare refers to the use of IoT technology in the delivery of patient care. This includes the use of connected devices, sensors, and systems to collect and transmit data for various purposes, such as monitoring patients’ health, improving medical treatments, and streamlining healthcare processes.
Examples of applications of IoT in the healthcare industry include wearable devices (such as heart rate sensors), connected medical equipment (such as smart infusion pumps), and patient communication and engagement (tablet devices). IoT devices — along with operational technology (OT), such as HVAC and other building management systems — contribute to the expanding attack surface in healthcare
Top Healthcare Iot Security Challenges
Here are some of the cybersecurity challenges in using IoT in healthcare:
- IoT devices such as webcams, infusion pumps, and tablets connect to hospital networks but are not actively managed and secured from an IT perspective — for example, through the use of security agents. Many IoT devices can’t accommodate the installation of agents or be easily patched, posing increased security risks. Many medical devices are limited by FDA certifications and other IT security methods, such as active scanning, can make sensitive medical devices crash.
- With IoT technology often lacking built-in controls, attackers can use these devices as an entry point into a hospital’s systems. From this point cybercriminals can move laterally in the hospital network to gain unauthorized access to systems that house patient information and other sensitive data.
- Healthcare is one of the industries most vulnerable to cyberattacks due to its sensitive nature. In addition to the high costs of a breach, attacks such as ransomware can cause operational disruption and delays in patient care.
- Healthcare data security breaches risk exposing personally identifiable information (PII) and protected health information (PHI), which are protected under the Health Insurance Portability and Accountability Act (HIPAA).
Read our IoMT playbook for an in-depth look at the challenges of IoT healthcare cybersecurity.