For many industrial and commercial purposes, there are tremendous benefits, in terms of system management, for increased connectivity with the technological innovations of the Internet of Things (IoT). This also brings many new security issues to consider. A new level of security risk comes from the expansion of the IoT to connect devices. These risks come from connected devices that are communicating in less-than-secure ways. Every piece of equipment that is connected through the IoT may create a security breach.
Risks Caused by Medical Devices
An example of this new type of risk is experienced by healthcare organizations that are becoming aware of the cyber vulnerabilities of medical devices. The U.S. Department of Homeland Security (DHS) issued six alerts since April 2018 advising major healthcare organizations about the security risk of medical imaging equipment and patient monitoring devices. The DHS has a special Industrial Control System Emergency Response Team that is tasked with the goal of discovering vulnerabilities in all types of equipment.
Recent security alerts from DHS include notices about devices with these problems:
- Improper authentication procedures
- Personal information exposure
- Missing encryption
- Memory read/write vulnerability
- Denial of service potentials
These risks can cause harm to patients if they are exploited.
Healthcare companies now are encouraged to conduct security audits that include an evaluation of connected medical devices. These organizations must also track and record any security risks found in their operations caused by devices and the remediation steps taken to remove the risk.
The challenges include finding things with vulnerabilities that the organization can update with software security patches, checking for proper configurations, and adding system architecture controls. Other things may need to be fixed by the vendors. There should be an ongoing effort to identify vulnerable devices. Taking them offline to fix them or relocate them may cause operational problems. There is a balance between managing the devices to improve security and understanding the effect on operations when the equipment is not available for clinical procedures.
Companies, especially those in the healthcare industry, need to be aware of the risks caused by devices used in their operations. Contact Sentree Systems Corp. for a security review and to get advice about how to manage security risk caused by devices that are connected to the IoT. Sentree serves Indianapolis, Avon, Plainfield, Carmel, Fishers, Noblesville, and the surrounding areas in Indiana.