Smart Tech and Medical Devices Merge: Security Threats Loom

April 8, 2016 • Blog Post • BY QUARTZ CREATIVE

TAP IMAGE TO ZOOM IN

IN THIS ARTICLE

  • Unsecured connected devices give cyber criminals an easy way to steal sensitive personal data
  • A recent HPE study revealed an alarming number of connected devices don’t meet basic security encryption standards

The security needed to protect your IoT devices from cyber attacks

Using the same sensors and chips made popular by our smartphones, everyday devices like light bulbs and toys are coming to life for the first time. And while these interconnected devices can certainly make life easier—especially for parents—they also create holes in our home and office networks that could become privacy problems. This new paradigm is most dramatically illustrated by the unsecure baby monitor feeds made public on the web by hackers.

Of all the data these intruders might steal, health data is among the most valuable. Unfortunately, smart medical devices are also some of the most attractive to families and healthcare providers.

The otoscope is a prime example of the new class of medical devices. The tool is used to look inside the inner ear and several companies have developed inexpensive scope add-ons that use the iPhone’s camera to transmit an image from the home of the patient to the pediatrician, saving a trip to the doctor’s office.

Another is the ultrasound. Mobile and wireless versions are popping up in pediatric emergency rooms and primary care clinics all over the world where they serve as inexpensive screening tools for vascular problems, abdominal masses and kidney and gallstones. The biometric data measured by the devices might eventually be transmitted back to a centralized place where more information about the patient is held. Should a piece of malware tag along, it could enable third-party access to everything from home addresses to prescription information.

These devices are only getting more striking, driving the speed of adoption in spite of security concerns. At MIT Media Lab, researchers have developed a technology that uses magnified video to measure a human pulse, making it possible to remotely monitor the heartbeats of sick infants with nothing more than a video camera.

It’s no wonder smart medical devices have begun to appear at pediatricians’ offices as they save doctors and nurses time spent circulating to and from examination machines in different rooms. Connected machines that also make use of RFIDand NFC technology can even be used in remote locations outside doctors’ offices, allowing the centralization of health data around the patient, no matter where it’s collected.

In practice, however, some of these less expensive machines may not be meant for use outside the home. When devices are shared between practitioners in an office, the collective users often set easy-to-remember passwords or none at all, making their entire patient database vulnerable to attacks.

he promise of these connected devices—when properly protected—is Big Data analytics. With patient-specific datasets from both home and doctor’s office, quick decisions can be made by emergency personnel or hospital staff, saving lives and dollars. Over time, these decisions and their outcomes can be analyzed on a population-wide level, yielding actionable insights that can improve caregivers’ decision-making.

But any smart device is only as secure as its network. As HPE research shows, it’s common to find deficiencies in the authentication and authorization of these devices, and their cloud and mobile interfaces often prove insecure as well. Of the cloud-connected devices surveyed, not a single option required strong password requirements. And this is just one example of weakness. On average, the most commonly used Internet of Things (IoT) devices contain 25 vulnerabilities each, including lack of encryption, insecure portals or APIs and inadequate software protection.

Because so many IoT devices will cross the home-office barrier, security isn’t just a consumer problem. Corporations and hospitals need to be looking at how their systems fare when all the vulnerabilities from their existing spaces—network security, application security, mobile security—combine with smart device security.

The risks that come with this technology shouldn’t dampen our enthusiasm for the ever-growing family of smart things. Few technologies have showed as much promise to improve lives, disrupt old industries and grow the economy.
 


HPE draws on decades of enterprise security experience to help businesses identify and proactively counter cyber threats.

The added convenience that comes from all of our interconnected devices is great, but with this convenience comes risk. Unsecured connected devices are easy targets for cyber criminals looking to steal your data. And of all the data hackers might steal, health data is among the most valuable. Unfortunately, smart medical devices are also some of the most attractive to families and healthcare providers.

RELATED NEWS