Healthcare IT Security and The Internet of Things

The major distributed denial-of-service (DDoS) attack which targeted Dyn shook a lot of people, especially experts in IT security. Dyn is well known for offering domain name services (DNS), and the attack crippled most parts of the internet. In simple terms, a DNS provider has the same role of air traffic controller, that is, the provider routes internet traffic. The DDoS attack made major services like Spotify, Twitter and Netflix to load slower than normal or even unavailable.

Investigators found that the cyber attackers found weaknesses in the devices wireless enabled baby monitors and smart home appliances which were connected to these major services. The attackers then used the Mirai malware to unleash botnets. In other words, the attackers exploited susceptible Internet of Things (IoT) for the attack to be successful. It is estimated that over 500,000 devices have been infected by the Mirai malware. Also, the Mirai malware attack affected Allscripts and Athena Health who deal with EHR devices.

Why healthcare is more vulnerable than other sectors

Security experts in healthcare IT industry have warned that IT security in healthcare is no longer about medical data or healthcare. Recent data breaches in healthcare were attributed to security compromises in their HIPAA business associates. Cyber attackers are particularly attracted to the health sector. This is because of the following reasons:

• Healthcare IT systems are not regularly updated and
• There is a high demand for stolen from healthcare information, in the black market. This means that it can fetch a handsome price.

These reasons are further supported by a recent study, which revealed that close to 90% of healthcare lawyers agree that the sector is more susceptible to cyber-attacks than any other areas.

So, we have to agree that IoT brings forth positive and negative impacts to healthcare organizations. First, they have significantly improved healthcare outcomes by enabling connected health programs to leverage on smart devices and remote patient monitoring.

The the same devices have brought forth cyber-attack threats. These attacks can exploit weaknesses in these devices and then leverage them to cripple the healthcare system.

IT experts and vendor commend the innovation of IoT devices as they have led to improved healthcare quality reduced the costs of healthcare. However, healthcare organizations should be cautious about how they use these devices as they can expose their infrastructure and networks to malicious attacks.

The mandate for healthcare organizations

IT security, and data breaches in general, have lately become a CEO-level issue, particularly in the healthcare industry and this has significantly increased the spending on IT security.

Some organizations have developed strategies like early incident control, process enhancement and automated incident response. This is far much better than excessively spending on the problem.

Healthcare organizations should be more restrictive about how their medical information is shared with other medical providers and IoT devices. This protects the organizations from technology partners and weak security practices.

Other strategies include using simulation techniques to strengthen the internal environments. These strategies include breach tests and advanced analytics for any cyber-threat. Such strategies have become more prevalent despite the allegations some cyber-attacks are sponsored by other nations.

The ecosystem of business associates in which healthcare organizations are operating in is rapidly expanding but is known to have weak security features. On the other hand, other parts of the system, including cloud services providers have stronger security features compared to traditional healthcare organizations.

The strength of the chain is determined by its weakest points. So, healthcare organizations should regularly assess their internal environments, and the relationships with IT services providers. This helps the organizations to identify vulnerabilities which can lead to cyber-attacks.

For federal agencies like the Department of Health and Human Services and Food and Drug Administration, they should have guidelines which set the standards for IoT device makers. All these should be aimed at protecting healthcare organizations.