IoT Predictions 2019-There will be an estimated 14.2 billion connected devices in use this year, and roughly 161 million devices will be cropping up in hospitals, clinics and medical offices by 2020. While security issues with any connected device are concerning, they are particularly troubling for an industry that has such a direct impact on patient safety and lives. In fact, patient safety was the top medical device security concern in the 2018 HIMSS Cybersecurity Survey.
We’ve seen a number of attacks targeting health care, including the Orangeworm group, which installed backdoors in health care organizations around the world last year, and the WannaCry and NotPetya ransomware, which shut down hospital computers and diverted ambulances around the world.
Medical records are an attractive and lucrative target for attackers because of all the different types of personal information they contain that can be used for identity theft and fraud. There have even been numerous data breaches involving medical organizations, and these typically result in hefty regulatory penalties and fines. In addition, there are other dynamics happening in the health care industry right now that are putting pressure on organizations, such as the nursing shortage (registration required). For example, we’ll see administrators turn to technology — in particular, medical internet of things (IoT) devices — to help them give existing staff tools to do their jobs more efficiently and with fewer manual tasks.
As we start the new year, I sat down to consider what I expect to see in the following months in this burgeoning connected device space. Here are six security predictions I have that will impact health care environments and their connected devices:
1. IoT Adoption Will Spike In Health Care
Connected medical devices give clinicians the tools they need to deliver better cutting-edge care. That explains one estimate that nearly 87% of health care organizations will have adopted IoT by the end of this year. But the increasing number of these devices in hospitals, clinics and in the field creates a huge attack surface that could impact patient safety and protected information. Over the next year, health care organizations will face these challenges by increasing their investments on security products that keep devices and networks safe from attacks.
2. Hospitals Will Become Primary Targets
The recent WannaCry and NotPetya attacks show us how exposed health care delivery organizations (HDO) are to attacks on connected devices. Since HDOs remain largely unprepared, and because attacks like these are lucrative for attackers, we unfortunately can expect to see more attacks like these throughout 2019.
3. IoT Health Care Attacks Will Evolve In Sophistication
New medical and diagnostic equipment is designed to connect — often in multiple ways and through multiple protocols. It’s not just Wi-Fi but Bluetooth and BLE connection protocols as well. And with these devices unprotected by traditional security solutions, they present a large, fresh attack surface where the goal will move from data exfiltration to data and device manipulation. Sadly, we have already seen such issues. This is why patient safety continues to be the top concern with these new devices.