Medigate and CrowdStrike conducted a new study that featured the magnitude to which threat actors are targeting healthcare Internet of Things (IoT) devices and gives warning regarding the troubled condition of IoT security in the healthcare field.
The quantity of IoT devices being utilized in healthcare has gone up substantially in recent years as connected health drives a trend in the delivery of health care. Healthcare organizations are progressively reliant on IoT devices to do a variety of important functions, and although the devices provide massive clinical rewards, cybersecurity must be taken into consideration.
Cyber threat actors have unfairly targeted healthcare companies for a number of years because of the great value of healthcare information, the simplicity at which it may be monetized, and the reasonably bad cybersecurity protection in healthcare in comparison to other industries. The fast usage of IoT devices has caused a big growth in the attack surface which gives cyber actors much more chances to carry out attacks. Additionally, IoT devices frequently have weaker cybersecurity adjustments compared to other devices and could offer an easy access point into healthcare systems.
The research involved a survey of healthcare companies to find out what risks they have experienced in the last 18 months. 82% of surveyed healthcare companies stated they have encountered no less than one form of IoT cyberattack during the past 18 months. 34% of survey participants mentioned the attackers used ransomware. The scenario will probably grow worse since the number of IoT devices in healthcare is increasing. Based on the report, spending money on connected medical devices has been forecasted to grow at a CAGR of 29.5% until 2028.
One of the primary issues with protecting IoT devices is insufficiency in tracking all connected devices, considering that this is particularly weak in the healthcare sector. IoT security threats may be handled and minimized to an acceptable level, however, if healthcare providers have no visibility into the IoT devices that hook up to the internet, important security enforcement systems cannot function at the necessary levels.
Healthcare institutions should have a clear visualization of the security posture of every device and be mindful of network standing, place, and device usage. There can be 100 or even more devices being used, therefore monitoring those devices and the protection status of each one could be a big problem and will just worsen as the number of devices rises.
The researchers make a number of suggestions regarding enhancing IoT security, such as endpoint detection and response (EDR), network segmentation, and orchestrated visibility, and permitting attacks to be quickly secured. It is additionally essential to make sure insurance policies get enough coverage.
HDOs should have a complete understanding of their overall connected landscapes, or else, threat intelligence can’t be correctly processed or linked to the appropriate devices, and remediations won’t give the sought-after impact. Processes that constantly enhance visibility and its orchestration, EDR, and containment capacity should be set up, or these extra defense layers cannot do their maximum intended levels.
To be able to scale the provision of connected health, the researchers point out security and asset management procedures need to converge. The researchers suggest making a common reference foundation, not just to modernize current infrastructure where feasible but to make certain the performance of long-term investments in layered capacities.