How to Address Security Issues in IoT Devices – Cybersecurity

The following is a guest article by Tamara Badza is a manager at Inviggo.

The Internet of Things (IoT) has transformed the healthcare industry, allowing for the collection and analysis of vast amounts of data to improve patient outcomes.

According to a report by Vantage Market Research, the Global IoT in Healthcare Market is currently valued at USD 73.5 billion and is expected to grow to more than USD 190 billion by 2028.

However, with billions of connected devices, the security of IoT devices in the healthcare industry has become a major concern, as cyber threats like data breaches and ransomware attacks can compromise sensitive medical information.

Who is Responsible for Addressing Cybersecurity Issues in IoT Devices

Addressing cybersecurity issues in IoT devices involves a shared responsibility between device manufacturers, institutions, and end-users.

It’s not always apparent who is responsible for keeping IoT devices secure in the healthcare sector.

Healthcare organizations have occasionally been held liable for data breaches, but technology suppliers may also bear some of the blame. IoT devices may be housed at a patient’s home rather than a hospital’s network, which adds to the confusion. Given the continued rise in the popularity of telemedicine, it is imperative to specify who should be held accountable in these situations.

Device manufacturers have a critical role to play in ensuring that their products are designed with robust security features. This includes incorporating encryption, secure boot, and secure firmware update mechanisms, as well as regularly releasing security patches to address vulnerabilities.

End-users also play an important role in securing their IoT devices. They must keep their software up-to-date, use strong passwords, and be aware of potential threats, such as phishing scams. End-users must also be cautious when providing personal information or login credentials and enable two-factor authentication whenever possible.

Best Practices for Addressing Security Issues in IoT

There are two main groups of security requirements for IoT devices: cyber security and cyber resiliency.

Cyber security is a crucial aspect of any healthcare IoT system, as it helps protect patients’ sensitive medical information from unauthorized access and manipulation. Some of the cyber security best practices include:

  • Confidentiality: To maintain the confidentiality of medical information, the IoT system should be designed to prevent unauthorized entities from disclosing this information. This includes implementing encryption mechanisms and access controls that restrict access to authorized users only.
  • Integrity: To ensure the accuracy and completeness of medical data, the IoT system should be designed to prevent data manipulation, removal, or corruption. By implementing data validation checks and implementing robust backup and recovery mechanisms, organizations can ensure data integrity.
  • Availability: To ensure that medical data is always accessible to authorized users, the IoT system should be designed to prevent device failures and operational outages. This can be achieved by implementing redundancy mechanisms, such as multiple backup servers, and conducting regular maintenance and upgrades.
  • Identification and Authentication: To ensure that the identity of all entities (patients, doctors, devices, etc.) is confirmed before they can access the resources of the IoT system, the system should implement robust identification and authentication mechanisms, such as two-factor authentication and using secure protocols for data transmission.
  • Access Controls: To ensure that different users only have access to the resources they need, the IoT system should implement access controls that determine the level of access based on the user’s role.

Cyber resiliency is an important aspect of healthcare information technology and focuses on the ability of systems to withstand, recover and adapt to different types of failures, threats, and attacks.

A resilient system must have certain characteristics to ensure the availability and reliability of the system under any condition. Some of the key best practices for cyber resiliency in healthcare information technology include:

  • Reliability: The system must be able to function correctly despite network failures, environmental conditions, and other challenges.
  • Modifiability: The system should be designed to be easily updated and modified to add new capabilities or features.
  • Reparability: The system should have the ability to detect and correct faults in order to restore normal operation.
  • Configurability: The system should be able to adjust parameters to function properly in different operational situations.
  • Adaptability: The system should be able to quickly adapt and function correctly under different operating circumstances.
  • Autonomy: The system should be self-managing and capable of self-protecting, self-configuring, self-healing, and self-optimizing.

These best practices are critical to ensuring that healthcare information technology is secure and resilient and that medical data and devices are available and accessible to authorized users when needed.

Increasing Usage of IoT Devices and Legislative Pressures

With the increasing reliance on IoT devices in various industries, governments, and international organizations are taking a closer look at the security and privacy risks associated with these technologies.

As a result, they are introducing new regulations aimed at protecting users and ensuring the safe and secure deployment of IoT systems.

Legislative pressure plays a critical role in promoting cyber security and resiliency in the healthcare industry.

By establishing regulations and standards for the protection of sensitive information, legislative pressure helps to create a safer and more secure environment for patients, healthcare providers, and organizations.

To address the growing cybersecurity risks in IoT devices, governments around the world have introduced several legislations.

In 2020, the United States passed the IoT Cybersecurity Improvement Act of 2020, which sets security guidelines for any IoT devices used by government agencies.

In 2022, the White House announced efforts to protect consumer IoT devices from cyber threats, including the creation of a national cybersecurity labeling program for IoT.

This program will help consumers make informed decisions about the security of IoT devices. The labeling will take the form of a barcode that links to information about software updating policies, data encryption, and vulnerability remediation.

This announcement followed two pilot programs exploring cybersecurity capabilities for IoT devices and comes after the U.K. introduced an IoT security bill in 2021.

Conclusion

The security of IoT devices is a shared responsibility between device manufacturers, institutions, and end-users.

Addressing cybersecurity issues in IoT devices requires following best practices for cyber security and cyber resiliency, such as implementing encryption mechanisms, access controls, and two-factor authentication.

Governments around the world are increasingly introducing regulations aimed at protecting users and ensuring the safe and secure deployment of IoT systems. These efforts play a critical role in promoting cyber security and resiliency in the healthcare industry and help create a safer and more secure environment.

To stay ahead of the ever-evolving threat landscape, it is essential for all stakeholders to remain vigilant and continue to invest in secure IoT solutions.

About Tamara Badza

Tamara Badza is a manager at Inviggo – a company that delivers secure and compliant software solutions for the healthcare industry. Tamara has more than 10 years of experience in the digital sphere. For the last two years, she’s been working in the digitalization of the healthcare industry. She is also a managing partner at Selfnest – a digital platform for mental health.

   

Categories