MIAB logo

Use of IoT (Internet of things) technology leads to greater security risks

There is no doubt that the growing use of mobiles, internet enabled devices and the interconnectedness of devices sharing data offers many benefits to society. IoT is the generic umbrella term that refers to these connected physical and digital components. The expanding network of internet-connected devices such as digital monitors, are transforming healthcare, helping us to work smarter and gain control over our lives both at home and in work, by connecting machines, employees and processes and providing vast volumes of data. By facilitating medication delivery, remotely capturing medical data and enabling digital health applications, the IoT delivers greater convenience and functionality to patients and their healthcare providers.

We are also using our own devices much more for work activities. Since the Pandemic we have radically changed how we work, with nearly half (48%) 1 of the UK workforce now doing some work from home during April 2020.

The ability to work from any device has certainly made access and mobility easier. Unfortunately the use of IoT and personal devices also give hackers more doorways into networks. Any virus in a single device can potentially infect an entire IoT system. Malware targeting Internet of Things (IoT) devices has risen to 20.2 million, up 50% from this time last year globally, according to figures from Sonic Wall2.

During 2020, experts estimate the installation of 31 billion IoT devices. Forecasts vary but trends suggest that by 2025 there will be estimated 75billion IoT devices worldwide3. Critical medical devices which traditionally were never part of the core IT infrastructure are now becoming exposed to threats when linked to the internet of things (IoT).

The IoT can now include heart pacemakers, fetal monitors, blood glucose and medication monitors. There are even smart wound care devices using flexible bioelectronics, CoughAware listening devices for Asthma or COPD sufferers to digital oscilloscopes. The latest care robots and intelligent home camera systems access the internet for tracking seniors at home.

From wearable devices that tell us how many steps we’ve taken, to ingestible electronic pills that monitor and transmit vital signs, these products have the potential to help us live healthier, longer lives. The medical sector has even coined its own acronym for these devices: IoMT, for the Internet of Medical Things. But, they also pose huge risks, not least in terms of cyber security.

Not so Smart Devices

Wearable technology like Fitbits, introduce more devices to the market that patients can use to monitor activities, vital signs and several healthcare readings. Ironically, whilst it is designed to improve patient wellbeing and optimising routine data collection, it makes networks far more vulnerable to cyber-attacks, creating both opportunities and risks.

For example, wearable cardiac monitors could have medical readings uploaded to a cloud. If cloud security is not updated it could create vulnerability. If hackers gain entry, they could then sell or demand a ransom for a patient’s sensitive health data.

Organisations need to ensure they use optimum cyber security and analytics platforms to meet the complex technological and operational challenges in securing and managing the IoMT environment.

Personal devices need protocols to follow

A recent PricewaterhouseCoopers survey4 shows a 192% increase in cyber-attacks on so called “embedded” or smart devices, such as those used within the healthcare sector, like monitors or by remote home workers, such as laptops and mobile. Networks accessed externally need to be protected, but authentication of these devices can be difficult, as IoT devices cannot offer manual entry of passwords. Bluetooth offers an encryption API when exchanging data between a device and its target data store. Whilst it decreases battery life it offers effective security.

It is important that if you decide to permit the use of personal devices your network policies be clear on your expectations for how and when those devices can be used.

Personal security

As most IoT or BYOD (Bring Your Own Device)devices are small, they are easy to steal, so security is an issue. Many offer warning mechanisms, so in the event of theft the local data cache can be wiped.

Issues can be mitigated by implementing strong security protocols, including encryption and updating operating system patches regularly. The ‘always-on’ nature of the IoT makes patches and service releases particularly challenging. IoT devices are designed to last a long time, so they may outlive their original programming.

For more information on security measures read this article on Healthcare IoT https://internetofthingsagenda.techtarget.com/feature/Healthcare-IoT-security-issues-Risks-and-what-to-do-about-them

Should all else fail

It is also sensible to have cyber insurance cover to support you in the event of an attack. Every breach and practice is different, but you can be confident that we have the in-house expertise to give you the best advice. Plus we have access to a panel of expert insurers to provide you with a totally bespoke solution. Find out more about MIAB’s cyber liability and data insurance offerings here: https://www.miab.co.uk/cyber-liability-and-data-insurance-for-gps

It’s not just cyber security that’s at risk

Whilst on the subject of the Internet of Things, it is also worth noting here that the use of such technology poses further threats and dangers in term of potential litigation. Failure of operation, technology errors and omissions may all lead to potential law suits. Practices could be held liable for bodily, injury, economic losses to third parties and the failure to properly secure data. Malpractice liability coverage, Entity Cover and cyber liability coverage can help protect against potential liability.

To discuss how we can support you with Cyber Insurance and other insurance products then please give us a call. Speak to our Cyber security expert- Montrose Bill on 01438 870718 or email montrose.bill@miab.co.uk

  1. https://www.ons.gov.uk/employmentandlabourmarket/peopleinwork/employmentandemployeetypes/bulletins/coronavirusandhomeworkingintheuk/april2020
  2. Sonic Wall
  3. Security Today

  4. Price Waterhouse Cooper Survey The Global State of Information Security® Survey 2018