The Internet of Things is a game-changer in the present and future of the healthcare, with its many and various potential applications to be deployed in every aspect of medicine. But what about security?
As we have seen already, IoT is used in medical devices such as pacemakers and insulin dispensers, but IoT is also used in hospitals for real-time location services, through the use of badges to track patients, staff, and medical devices. In terms of environmental monitoring that support healthcare, IoT is used to control rooms and refrigerators’ temperatures, or simply to monitor hand-hygiene (TechTarget, 2015). Many components are in play to have all these devices connected, and the failure of one of them it’s enough to take the system down.
So, we can deduce that the implication of one of these devices being compromised, could threaten a human life. The number of security risks is constantly increasing and as the Internet of Things comprises devices that communicate through the Internet, it means that they are exposed to the same threats that affect other Internet-connected devices (Lewis, 2015).
If we consider a basic infrastructural problem, we can already identify few areas with issues. Indeed, a shortage of power can affect any layer of an IoT communication, such as servers, local broadband or devices themselves. If any of these situations happens, here is where we could have the first problem. It’s obvious, but sometimes people fail in preventing most evident situations. A majority of risk management breaches are still human related, as stated in an article from the Federal Time “…at least 50 percent of breaches and leaks are directly attributable to user error or failure to practice proper cyber hygiene” (Boyd, 2015). With the enormous digitalisation around medical information, a lost laptop could now expose millions of people to potential harm, compared to the thousands of only 10 years ago (Kam, 2015). As demonstrated by Stachel et al., another problem could be created by radio frequencies (RF) (Stachel et al., 2013). With the increase of IoT devices increases risks of hazardous situations of electromagnetic interferences on implanted devices (Stachel et al., 2013).
Moreover, anything that would disrupt the connection of the devices to the Internet (such as distributed denial-of-service attacks) or will intrude, retrieve, and modifying sensitive data, or would permit to take remote control of a device, is considered as extremely dangerous. Could you imagine if someone would be able to hack your pacemaker or your insulin dispenser, and alter their function? Now, we can relate to why in 2007, the Ex-Vice President of the U.S., Dick Cheney, disabled the WiFi in his pacemaker, fearing a terroristic attack (Cbsnews.com, 2013). Healthcare enterprises and hospitals should carefully plan the implementation of IoT devices in their modus operandi, focusing especially on security implementation and control.
Regardless if the threat is malicious or not, a threat is a threat and with life at stake, it’s always better to take extra precautions than usual.
Boyd, A. (2015). The user knows nothing: Rethinking cybersecurity. [online] federaltimes.com. Available at: http://www.federaltimes.com/story/government/cybersecurity/2015/04/14/the-user-knows-nothing/25776507/ [Accessed 29 Nov. 2016].
Cbsnews.com. (2013). Dick Cheney calls his current health “a miracle”. [online] Available at: http://www.cbsnews.com/news/dick-cheney-calls-his-current-health-a-miracle/ [Accessed 29 Nov. 2016].
Kam, R. (2015). The Biggest Threat To Data Security? Humans, Of Course. [online] Iapp.org. Available at: https://iapp.org/news/a/the-biggest-threat-to-data-security-humans-of-course/ [Accessed 29 Nov. 2016].
Lee, K. (2015). Emerging IoT technologies in healthcare. [online] Internetofthingsagenda.techtarget.com. Available at: http://internetofthingsagenda.techtarget.com/video/Emerging-IoT-technologies-in-healthcare [Accessed 29 Nov. 2016].
Lewis, N. (2015). Prevent IoT security threats and attacks before it’s too late. [online] IoT Agenda. Available at: http://internetofthingsagenda.techtarget.com/tip/Prevent-IoT-security-threats-and-attacks-before-its-too-late [Accessed 29 Nov. 2016].
Stachel, J., Sejdic, E., Ogirala, A. and Mickle, M. (2013). The impact of the internet of Things on implanted medical devices including pacemakers, and ICDs. 2013 IEEE International Instrumentation and Measurement Technology Conference (I2MTC).
TechTarget, (2016). Internet of Things in the Enterprise – Your expert guide to getting started with IoT. [online] TechTarget. Available at: http://media.techtarget.com/digitalguide/images/Misc/EA-Marketing/Eguides/IoT_in_the_Enterprise.pdf [Accessed 29 Nov. 2016].
Image Courtesy of Rob Donnelly for Slate.com