Connected devices have become a prevalent phenomenon in the consumer space and have made their way into healthcare. With the need to capture patient health data and provide different capabilities for hospital staff, health IT has seen an increase in demand for the Internet of Things. But IT professionals still remain cautious as they evaluate IoT medical devices in the marketplace, primarily due to security concerns. The risks with IoT are exponentially more dangerous in a healthcare space than those in the consumer space.
Patients today are likely to interact with a number of different connected devices during the care episode. Whether it is during their stay at a hospital or a short visit with their physician, patients are using multiple devices that continuously transmit information to some centralized system. The devices range from MRI machines, Carm, smartbeds, medication dispensing carts, vitals monitoring equipment and many more. These devices have been around for some time, but with the popularity of IoT medical devices, there are an increasing number of endpoints being introduced into the hospital environment.
One of the main challenges the security team faces with the different connected endpoints is the lack of tools to manage them all. As a result of having devices from different vendors, many of these technologies require different methods to update and patch them, which puts a significant burden on IT. The challenge also stems from the complexity associated with upgrading device firmware, which is traditionally a manual process. For the IT team, learning how to perform maintenance tasks for multiple systems requires too much effort.
Another challenge IT faces is the maintenance of these devices once they leave the hospital network. With a number of new use cases where physicians are sending patients home with medical devices or wearables, these endpoints require just as much maintenance as their counterparts in the hospital network. Patients are using these connected medical products to capture EKG readings, record medication levels, sense fall detection and act
as telehealth units. It would be unrealistic for hospital IT staff to make house calls any time soon, but CIOs must recognize that the security and maintenance of those devices is just as critical as the ones located within their facilities.
To address some of the challenges highlighted when it comes to managing connected devices, several technology companies are offering platforms to help solve the problem. Intel, for example, helps organizations by securing a number of different IoT medical devices and ensuring that the information is transmitted securely to its final destination. Microsoft, on the other hand, is leveraging its existing Windows Update mechanism in its new Windows 10 IoT Core, which is used in a number of IoT devices to help ensure the system is continuously updated and patched, while still offering strong encryption capabilities at rest and during transport of the data. One final example is Kaa, which is an open source IoT platform that can assist with monitoring device operations, device configuration, inventory of assets and remote software or firmware updates.
With more connected devices coming up frequently and hospitals increasingly evaluating and adopting some of them, securing these devices has not been receiving enough attention, and the lack of any standard security policy in place is concerning. Hospital CIOs must be cautious as they engage in rolling out IoT medical devices and IT must have a plan in place to secure the devices and protect them from surface attacks and cyber threats.
By Red Chouffani, 08/19/2016, in SearchhealthIT.com