Authored by: PlexTrac Author
Posted on: October 19, 2020

Securing Internet-Connected Devices in Healthcare — NCSAM Week 3

Healthy Habits for the Healthcare Industry

The healthcare industry has become increasingly reliant on internet-connected devices and solutions to improve patient care, organizational efficiency, speed of crisis response, and much more. The emergence of telemedicine, digital health records, internet-connected medical devices, patient wellness apps, and an increasing number of third parties entering the health supply chain has created many benefits but has also exposed the industry to vulnerabilities that cyber criminals regularly attempt to exploit.

This week’s Cybersecurity Awareness Month theme will delve into the healthcare industry, the implications of internet-connected device use, and what steps healthcare professionals can take to own their part and #BeCyberSmart.

PlexTrac is a registered 2020 Champion Organization. Organizations listed as Champions represent those dedicated to promoting a safer, more secure, and more trusted Internet.

Hospitals Continue to Suffer from Security Headaches

IoT devices dominate the healthcare industry in today’s world. Whether you’re monitoring a patient’s anesthesia or using radiology devices, you’re almost sure to use an IoT device any time you’re at the hospital. The problem isn’t strictly related to an increased reliance on technology in the industry, but rather the prioritization of what is protected.

Whether they’re regarded in the same light or not, healthcare IoT devices are just as vulnerable to compromise as a computer, smartphone, tablet, or any other device typically used for work or play. However, these devices are not given the same security priority, which explains why healthcare organizations continue to suffer from massive security breaches.
In fact, Clearswift found that 67% of healthcare companies experienced a cybersecurity incident in the past year.

The healthcare industry faces many of the same security challenges that any other organization does. A few of these include:

- Malware and ransomware
- Cloud threats
- Misleading websites
- Phishing attacks
- Encryption blind spots
- Employee error, and more

The combination of frequency and breadth of attacks in healthcare necessitates communicating directly with the professionals in the industry to ensure the risks and ramifications of a cybersecurity incident are well understood and prioritized appropriately.

Steps to Improve Security in the Healthcare Industry

While healthcare is a large target for bad actors and will continue to be moving forward, all hope is not lost. Here are some simple steps you can take to empower yourself, your team, and your security posture:

1. Establish a Culture of Security

This concept is harped on a lot in the cybersecurity industry, but establishing a culture that continuously trains and educates employees on proper device use is vital. Human error is consistently considered the biggest vulnerability for your security posture. This vulnerability can be minimized (but not eliminated) by ensuring your employees understand both the risks associated with IoT devices and the best practices to ensure everyone stays cyber secure.

2. Protect Mobile Devices

Mobile devices are being used more and more by professionals in the healthcare field, which provides an additional attack vector for hackers. Lock this vector down by securing mobile devices at work. You can do this by using complex passwords, encrypting the device, and keeping the device on you at all times.

3. Maintain Good Computer Habits

The healthcare field has many interconnected IoT devices in practice, including traditional computers. With this in mind, it’s important to maintain good computer habits while at work.
When onboarding new employees, it is important to establish an “acceptable usage” policy for work computers that covers browsing behavior, software and operating system maintenance, proper privacy practices while charting, and more.

4. Plan for the Unexpected

Whether you like it or not, security incidents are bound to happen. This is why it’s so important to plan for the unexpected. Being prepared includes regularly backing up your own and your company’s precious data so that data restoration is quick and painless. The last thing you want is to lose data because you forgot to back it up. Additionally, it’s smart to store backups in a secure location separate from your devices.

5. Additional Tips and Tricks

Here are some smaller tips and tricks to implement in your work environment that will help to further minimize your exposure to costly attacks:

- Always use a firewall
- Control and limit access to protected health information
- Limit network access
- Control physical access
- Use strong passwords and update them regularly

Conclusion

Cybersecurity is hard for everybody. This is especially true for the individuals working in healthcare, an industry given the massive responsibility of saving lives and protecting people. However, taking some time to establish clear standards and procedures for your IoT devices will pay large dividends for your company. Maintaining these standards ensures everyone knows what acceptable use is and what is at risk when operating these devices. Following these tips will cut down on the time you spend fixing cyber problems, minimize your security risk, and maximize the time you have for your most important healthcare work.