Healthcare tech developments could endanger patients
SA is on the brink of benefiting from a slew of healthcare technologies that could improve patient care, lower the cost,and bring the best medical practitioners to even the most underserved corners of the country.
But it’s not all good news, as these new developments could also put patients at risk in both the cyber and real world.
So say Doros Hadjizenonos, regional sales director SADC at Fortinte, and Matthew Taljaard,subject matter expert for operational technology at Fortinet, who warn that emerging healthcare technologies could be derailed by security risks.
According to Hadjizenonos, IOT and Internet of medical things (IOMT) devices are being adopted more and more to gain efficiency and better patient care in the healthcare sector. These tiny, connected devices are being employed to monitor vital signs and treatment, track pharmaceuticals and control medical equipment.
“We are seeing adoption and interest from private hospital chains locally, who are considering IOT for efficiencies, for managing patients and analysing data,” he says. “There is potential to deploy IOT for patient monitoring both at home and in hospitals, for example connected beds with oxygen meters and heart rate monitors feeding information back to nurses’ stations. IOT can also be used to automate devices administering treatment, such like ventilators.”
He says IDC’s Worldwide Internet of Things Spending Guide forecast from May this year, claims global spend on IOT is set to pass US$1 trillion by 2024, with SA among the fastest growing markets in the MEA region − expected to grow at a CAGR of 14% from 2020 to 2025.
Smart technologies including smart wearables, video conferencing and telemedicine are part of this broader ecosystem, bringing with them the opportunity to make healthcare more accessible, affordable and proactive.
However, Taljaard says that as smart technologies start controlling surgeries and patient treatment, the risks associated with advanced healthcare could grow.
“Data privacy and cyber security are already a key concern in healthcare, as healthcare records are a prime target for cyber criminals. Fortinet found that medical records are worth ten times more than credit card numbers on the dark market.”
Moreover, he says as IT and OT converge, cyber risk can threaten physical health and safety, which could endanger patients should attackers access physical patient monitoring and treatment systems.
Fortinet found that medical records are worth ten times more than credit card numbers on the dark market.
“Much in the same way we enabled work from home by securing that environment, by properly securing the healthcare environment we can create a safe platform that gives health professionals and patients the confidence to start benefiting from all the advanced medical technologies coming to market,” he says.
According to Hadjizenonos, healthcare organisations must prepare for the future of healthcare by building security into the design of the entire environment.
Building security into small IOT or IOMT devices is impractical. These devices are too small to have built in security, and either way, technology to protect them must monitor the whole network of devices as well as secure the traffic that flows between them.
“If a device was to be compromised it would be from the network point of view," he says.
Vulnerable to weaponisation
He says IOT devices are vulnerable to hijacking and weaponisation for use in DDoS attacks, targeted code injection, man-in-the-middle attacks, and spoofing.
Fortinet cautions that malware is also more easily hidden in the large volumes of data IOT devices produce, and that certain IOT devices can be remotely controlled or have their functionality disabled, which could be used in a ransomware attack.
For robust IOT security integrated solutions capable of providing visibility, segmentation, and seamless protection across the entire network infrastructure are needed.
In addition, according to Fortinethealthcare entities should be capable of authenticating and classifying IOT devices, as well as segmenting them based on their risk profiles. They need the ability to monitor, inspect and enforce policy based on activity at different points within the infrastructure, and take automatic and immediate action if any network devices become compromised.
“To ensure compliance and data protection, organisations should take a zero-trust approach with role-based access control and a unified security fabric aggregating the security architecture across physical and cyber domains,” he ends.