There have always been security challenges involved with the Internet of Things (IoT), but the recent pandemic has definitely kept IT professionals on their toes. COVID-19 introduced a host of security issues that won’t disappear anytime soon. Some of the overarching key issues include:

  • Less visibility, less control, and more vulnerabilities as a result of remote workforces and bring your own device (BYOD) policies.
  • Malicious attackers finding entry points with least resistance by exploiting the expanding attack surface with IoT, cloud, and 5G.
  • Different protocols that are often vulnerable and not interoperable due to a lack of patching and updates, as providers of devices are fragmented and lack consensus on common standards.

The healthcare and medical industry is simultaneously one of the most vulnerable and most important sectors in Australia. At a time when the focus is on increased patient care, attackers are looking for weak spots. While the pandemic is somewhat under control in Australia, fluctuations due to the rollout of the COVID-19 vaccine are likely to give attackers another entry point into scamming organisations and individuals.

For example, in March 2021, Eastern Health, the operator of four hospitals in Melbourne’s east, was hit by a cyber-attack forcing it to postpone certain elective surgeries. It is believed the cause was a ransomware attack. Had this attack been on a much bigger scale, the result could have seen the loss of life due to urgent life-saving surgeries being put on hold.

Medical staff are reliant on devices to save human life and often security is not always included in the device acquisition or implementation phase, but rather as an add-on feature. The lack of embedded security features increases the risk of human error, which can be anything from poor system configuration to the absence of audit logs, unauthorised access control or even a lack of processes surrounding the device’s use.

IT security teams within the healthcare and medical sector are often kept in the dark when it comes to changes in infrastructure. There is a lack of visibility due to a range of different types of medical devices being connected to the network. Gaps in education of healthcare staff as well as IT security policies and procedures results in staff making unintentional errors that increase exposure to security risks. This can include improper handling and storage of patient files, a soft spot for cybercriminals in search of weaknesses to exploit.

According to the 2020 ACSC healthcare snapshot, other reasons the healthcare and medical sector is at risk include:

  • its highly sensitive personal data holdings.
  • its valuable intellectual property on technology and research, particularly those relating to COVID‑19 vaccine research and development.
  • the criticality of services delivered by the health sector.
  • the pressure on health sector organisations to maintain and, if disrupted, rapidly restore business continuity.
  • public trust in health sector organisations, particularly those linked to Government services.

Like every other industry, IoT has been widely used in the healthcare industry for patient monitoring and providing better healthcare services. The ability to store and gather data in real time means that patients can be treated promptly. This is extremely important in certain situations such as when patients are at risk of heart failure, where their heart rate and pulse need to be closely monitored.  IoT adoption adds to the superior delivery capabilities of any hospital through more nuanced understanding and status updates. This covers not only about patients’ treatment and care, but also extends to better connectivity with multiple suppliers and stakeholders.

IoT allows for flexibility and agility of healthcare organisations where not only financial loss but loss of life are risk factors. The healthcare industry must allow for investment in IoT to ensure they keep ahead of the game and protect themselves and their patients from any risk or harm.

The good news is that while IoT increases risks for the healthcare and medical industry, it also allows for research and improvement in combating these threats. Thanks to machine learning and other Artificial Intelligence-based technologies, security teams now have some great advantages that were thought to be humanly impossible just 10 years ago.

If you’re a healthcare looking to boost your organisation with the latest IoT devices, we offer a specialised IT Procurement service that helps you make cost-effective purchases. We offer flexible payment options with Tier 1 vendor suppliers, meaning you can onboard market-leading IoT devices in your organisation at best value for money.