The adage, “an apple a day keeps the doctor away,” has, according to The Washington Post, been around since the 1860s. Its simple, rhythmic cadence is a useful reminder to eat healthy and be well. And since its first introduction, we have vastly improved on our cognizance of both health and medical devices.
For these improvements, we can thank shared knowledge. That network of understanding has provided fertile ground. And, if all goes according to plan, it’s about to provide more.
We are on the verge of realizing a new advanced medical future, in which medical records can be accessed anywhere, appointments can be made with the click of a button, and prescriptions can be delivered to your doorstep. It’s what we in the security industry refer to as “networked healthcare,” or the Healthcare Internet of Things (IoT).
The healthcare IoT is a lot like the usual IoT—a collection of devices which connect to one another and the Internet for better analysis, efficiencies and usage. This has the potential to transform how we provide care to those most in need. In fact, society stands to gain some major benefits from a healthcare IoT. According to General Electric, the United States could save as much as $63 billion in costs over a 15 year period—not to mention better medical care and quality of living.
Wireless implants can automatically inject insulin for diabetic patients. Heart pumps can carefully send calibrated shocks to keep hearts pumping. But we have to secure these healthcare IoT devices before we can see those benefits realized.
For example, the insulin pumps I mentioned earlier could, potentially, be lethally hacked from up to 300 feet away. The heart pump, too, could be reprogrammed to harm someone, rather than help.
And that’s not all.
According to our own research, 44% of all registered data breaches in 2013 targeted medical companies (and with healthcare data worth 10x more than credit card data, the reason for the attacks is clear). Financial losses in the healthcare industry due to security incidents increased 282% in 2014. Reported information security incidents jumped by 60% in 2014. Finally, only about 60% of healthcare organizations have conducted basic risk assessment tests for their IoT devices.
There’s a lot of work to be done before we can enjoy the full benefits derived from the healthcare IoT. That’s why we at McAfee, along with our friends at The Atlantic Council, are working towards establishing a more secure healthcare IoT future.
This starts with having security baked into the devices themselves. With this approach, doctors and scientists can issue safe updates to devices and prevent them from being tampered with. Additionally, more coordination between public and private healthcare organizations is necessary. With collaboration, we can make these devices more secure for everyone. We also need a more streamlined medical approval process for new devices. By developing new devices built with security in mind, out the door faster, we can replace older, more insecure devices currently in use today.
Securing the healthcare IoT will require a lot of work. But it’s work that needs to be done. If you’d like to learn more about the healthcare IoT, its risks and its proposed solutions, check out The Atlantic Council’s analysis here.
Personally, I’m excited to see how technology, rapidly grown within the past decade, will be applied to the medical field. The Internet of Things can, and should, help nearly everyone live longer, easier and better lives. But we do need to see it secured first.
About the Author
Categories: Consumer Threat Reports