The security dilemma of healthcare in the Digital journey
The healthcare industry is going through a disruptive phase. IoT and IoMT have opened new avenues for the sector, which is now focusing on developing its remote patient monitoring and care capabilities. The global IoT healthcare market is expected to reach $188 billion by 2024, growing at a CAGR of 27.6%. Combined with Artificial Intelligence, IoMT devices are making healthcare accessible and affordable to all. An estimate by Goldman Sachs shows that IoMT devices will save $300 billion for the healthcare sector.
Amid a growing ageing population and rising healthcare costs, IoMT is proving to be a boon. However, as the number of connected devices increases, there is a parallel rise in data breaches and cybercrime. Within the last year, 82% of healthcare organizations’ IoT devices were targeted by cyber attacks. More than 41.11 million records were exposed, stolen, or disclosed without permission. Data breaches are expected to cost the healthcare sector $4 billion.
“The Internet of Things (IoT) devoid of comprehensive security management is tantamount to the Internet of Threats. Apply open collaborative innovation, systems thinking & zero-trust security models to design IoT ecosystems that generate and capture value in value chains of the Internet of Things,” says Stephane Nappo. While the promise of IoMT is not to be dismissed, the security concerns are critical. On its digital journey, the healthcare sector faces a dilemma: patient privacy and security versus enhanced patient care and quality. Leveraging digital health technology leaves the sector vulnerable to cyber attacks. It is therefore essential to find a middle path that lets the healthcare industry progress while keeping itself secure from cyber crime.
Let us explore the promises that IoMT brings to healthcare and understand how the industry can keep itself secure from cyber attacks:
What does IoMT bring to the table
Affordability and accessibility are the two prime benefits that IoMT technology brings to humanity. By enabling remote care, IoMT significantly reduces costs. A few examples of IoMT in the market are:
- ABILIFY MYCITE® System: This is a four-component system comprising a pill, a patch, an app, and a dashboard. The pill is an Aripiprazole tablet embedded with an Ingestible Event Marker (IEM) sensor, which is activated when the pill is consumed. The sensor communicates the event to the MYCITE® patch, which identifies and records the date and time of ingestion. This information is then communicated to a smartphone application through which users or caregivers can review and monitor the data and activity levels. The dashboard is a web-based portal through which healthcare providers can access their patients’ data.
- eVisit: Rated as one of the top remote patient monitoring platforms, eVisit is making telemedicine possible for the healthcare sector. Platforms such as eVisit help healthcare organizations scale their telemedicine footprint while improving patient engagement, revenues, and workflow processes.
- MoMe®: Infobionic’s MoMe® Kardia cardiac monitor enables patients to gain 24-hour ECG data and keep a real-time check of their arrhythmic condition. It is a full-disclosure ECG transmitter that offers critical patient insights to the healthcare providers.
- Respiro: Amiko’s Respiro is a digital medicine product that implements proprietary sensory technology, cognitive computing, and digital experiences to enhance respiratory care of the patients. Respiro personalizes respiratory treatment for each patient by combining connected inhaler sensors, digital applications, behavior change programs, and predictive analytics.
- PillCam™ SB 3 system: The system offers direct visualization of the small bowel through advanced optics and imaging. It helps monitor lesions related to Crohn’s disease, obscure bleeding, or iron deficiency anemia.
The primary goal of the IoMT devices is to bridge the gap between patients and healthcare devices. They essentially keep everything ‘connected’ for real-time monitoring and faster care delivery. Private and sensitive patient information is shared over various connected devices in the IoMT ecosystem. This information transmission is critical for closing that gap. At the same time, it also poses a high risk of data theft, and evidently so: threat detection on healthcare endpoints has increased by 60%.
As cyber crime increases, regulations are also getting stricter. To comply with industry standards and secure its systems from hackers, the healthcare sector needs to adopt some best practices:
- Educate: Human errors have caused some of the biggest cyber crimes in history. Therefore, it is essential to create cybersecurity awareness among healthcare professionals. They should be educated on secure ways of handling patient data and should exercise appropriate caution.
- Restrict: Access to patient information should be restricted to only those persons who need the data to complete their jobs. Multi-factor authentication and multiple validation methods should be used.
- Implement: By using protective data controls, the healthcare sector should facilitate real-time monitoring and inhibition of any malicious activity.
- Encrypt: Data should be encrypted both at rest and in transit. This allows the healthcare sector to protect its patients’ data even in case of a breach.
- Secure: With telehealth and mobile health gaining traction, mobile devices have become a key target for cyber criminals. Necessary measures, such as strong passwords and application data encryption, should be implemented for mobile device security.
- Mitigate: The IoMT network should be continuously monitored for vulnerabilities. Constant monitoring helps in the detection of any unusual activity, which could be a breach.
- Save: All data should be saved in a secure, remote location. This allows healthcare organizations to protect their data integrity in case of ransomware attacks.
Most importantly, assure!
As per a HIPAA study, 26% of hospital respondents and 93% of physician organizations do not have an adequate solution to instantly detect and respond to an organizational attack. 40% of providers surveyed do not carry out measurable assessments of their cybersecurity status and 35% of healthcare organizations did not scan for vulnerabilities before an attack.
A robust healthcare cybersecurity plan necessitates a proactive approach toward network vulnerabilities. End-to-end healthcare security testing services should be employed, such as vulnerability assessment and penetration testing of networks, web applications, and wireless.
Cigniti has a dedicated Security Testing Center of Excellence (TCoE) that has developed methodologies, processes, templates, checklists, and guidelines for web applications, software products, networks, and cloud. Our unique managed security testing services model combines a deep understanding of industry best practices with decade-long expertise in software testing services delivery. Connect with us today.