In theory, the Internet of Things should allow patients and providers to take unprecedented control of health care. In practice, it is shaping up to be a security nightmare.
Earlier this month, Johnson & Johnson notified 114,000 patients of a security hole in its Animas One Touch Ping connected insulin pump. Although the company claims attacks are unlikely, the flaw could permit hackers to take control, alter dosage levels and disable the device altogether. It also exposed the weakness of health care IOT networks.
When health care companies began connecting devices to networks the threat of hackers seemed remote. ForeScout chief strategy officer Pedro Abreu points out that many devices have firmware that is so out of date that when they are hacked they are nearly impossible to repair.
This means an infected device on a health care network could be used to commandeer the device, steal data – including patient records – or simply hide, ready to be summoned at a later date for a larger distributed denial of service attack. Recently a DDoS attack simultaneously compromised tens of millions of Internet addresses and took down many of the largest sites in the United States.
“IOT is the new frontier of attack where we’re going to start seeing a rapid increase in these attacks,” Abreu said. “Health care organizations have been very focused on protecting traditional IT, spending millions of dollars to secure its systems. But it leaves an open door with IOT devices – although it’s meant to be a secure system.”
Still, the promise of connected medical devices is massive. The idea is simple enough: Digitize and collect massive amounts of medical data. Use data science and large scale analytics to recognize patterns and make more informed future predictions. Then, provide that analysis to medical professionals to augment diagnosis. It makes the practice of medicine more science and less intuition and judgment. That should be an improvement.
It also makes economic sense. Collecting data continuously leads to better supply chain management and reduced costs of operation for service providers. A McKinsey & Company study found potential savings of $2.5 trillion annually.
Source: SANS ISC SecNewsFeed @ November 29, 2016 at 07:39AM