Are smart medical devices causing cyber security threats?

Credit | Getty
Jon Taylor, Director & Principal of Security at Versa Networks, shares insight on benefits, drawbacks & realities of IoT devices in the healthcare industry

From connected heartbeat monitors to insulin pumps, Internet of Things (IoT) devices have become indispensable in modern healthcare. Better automation and remote care, real-time patient monitoring, efficient data collection and analysis – there is a long list of use cases that drive efficiency and improve patient care. 

However, they also present a growing security risk, one cyber criminal gangs are quick to take advantage of. 

Jon Taylor has been Director and Principal of Security at Versa Networks, since April 2022, where he specialises in Network Topology Design and Troubleshooting. Previously, he was the Senior Systems Engineer at Palo Alto, and has also held roles at Cisco, ABS Technologies and APEX Systems.

He shares insight around how to secure the valuable connected medical devices and protect patients from cyber attacks. 

What are the risks around IoT in the healthcare sector? 

The number of connected medical devices is rising rapidly, with the global medical IoT market estimated to be worth over US$600bn by 2028. However, the increased use of connected medical tech has also expanded the attack surface for cybercriminals, providing more opportunities to infiltrate the network. Ransomware attacks are a particular danger, as locking down the network can interfere with connected devices and deny access to patient records and schedules. 

Healthcare is uniquely vulnerable to these attacks as the disruption of critical medical technology such as MRI scanners and insulin pumps can interrupt patient care and potentially pose a direct threat to human life. Even attacks on support systems such as appointment management software can cause widespread disruption.

Criminal gangs know healthcare providers will be desperate to restore functionality, making them an easy target for cruelly calculated ransom demands. Healthcare providers are then put in the uncomfortable position of choosing between funding future cybercriminal activity or risking patients’ lives.

Threat actors also often seek to steal patient data, which is sold as a commodity on the black market and used to fuel blackmail, extortion, and future targeted cyberattacks. In one of the biggest recent cases, Barts Health NHS Trust, the UK's largest NHS trust, had more than 70 terabytes of sensitive data stolen by the infamous BlackCat group.

Why has the healthcare sector struggled with IoT security? 

Connected devices inherently introduce security challenges for all sectors. Introducing smart tech usually means many new devices on the network, often running on proprietary software with different management needs. Many devices, particularly older models, were not designed with security in mind and basic activity like applying security patches can be time consuming. 

Healthcare providers face more challenges than most sectors because their IoT suite is likely to include expensive equipment such as CAT scanners and MRI machines. The price tag means this hardware cannot be readily replaced when it starts to become outdated. Medical tech will often see near-constant use, making security maintenance difficult. 

This means that maintaining a suit of connected medical tech can be a very resource-intensive job for IT and security teams with long to-do lists. 

How can healthcare organisations secure IoT with limited budgets? 

The healthcare sector is under immense budgetary pressure, especially NHS Trusts. So, one primary challenge for healthcare executives is finding a balanced approach that enhances IoT security without escalating costs. 

Cybersecurity is just one of many areas clamouring for a share of limited budgets – but the potential costs of a breach mean it cannot be ignored. The average cost of a healthcare data breach reached US$11m in 2022, far outweighing any cyber investment costs. 

This means ROI is extremely crucial for healthcare, with an emphasis on streamlining security to cover more needs while minimising costs.

One option is to focus on securing the big picture of the IT network rather than attempting to address each connected device individually. A new approach to network security known as Unified Secure Access Service Edge (SASE) can help address this need. This consolidates multiple security services into a single platform, making securing an expanding suite of connected medical devices easier without driving up costs. 

Can you explain more about Unified SASE? Why does it help with connected medical devices?

Addressing the security challenges of IoT devices in healthcare requires a multi-layered approach that is both effective and cost-efficient. Unified (SASE) platforms integrate network security and network performance together, providing a holistic approach for monitoring network traffic and securing all types of remote access, including IoT devices.

Unified SASE includes multiple security tools such as advanced threat protection and intrusion prevention, which can be used to unobtrusively protect sensitive data without affecting patient care. The unified approach means multiple tools can be managed from one dashboard.

One of the key features of Unified SASE is micro-segmentation, which divides a network into secure, isolated segments. This limits the potential impact of a security breach, especially valuable for healthcare providers with many connected devices. If a medical IoT asset is compromised, the attack is restricted to one area of the network, minimising the impact. This means it’s far less likely for a breach to cause widespread disruption to patient care, and also makes it much more difficult for an intruder to navigate the network and reach sensitive patient data. 

Crucially, Unified SASE platforms are designed to be scalable and flexible, allowing healthcare providers to adapt to emerging threats without requiring a complete overhaul of their existing systems. As organisations invest in more connected devices and expand their IT footprint, the platform can easily scale up to accommodate the new needs. 

Adopting an approach like Unified SASE enables healthcare providers to use connected medical tech to enhance patient care while compensating for its security shortcomings. This not only improves cyber resilience but also offers a cost-effective way to manage security.


For more insights into the world of Cyber - check out the latest edition of Cyber Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest - Technology Magazine | AI Magazine.

Please also check out our upcoming event - Net Zero LIVE on 6 and 7 March 2024.  


BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.



Featured Articles

UK Takes Steps to Strengthen Country's Cyber Security

The new government have made cybersecurity one of their top priorities as they lay out their plans for what they intend to do in power

BlueVoyant Launch Platform to Tackle Supplier Attack Surface

BlueVoyant has unveiled a new Cyber Defense Platform which aims to tackle the growing attack surface introduced by the ecosphere of third-party vendors

Irdeto’s Andrew Bunten Talks Securing Online Content Streams

With online streaming services being bigger than ever, Irdeto’s Andrew Bunten explains how they manage to keep streams safe despite the huge attack surface

Fortinet Cyber Survey Shows Global Scope of Skills Gap

Operational Security

What ChatGPT Passing an Ethical Hacking Exam Means for Cyber

Technology & AI

Learn How CTEM can Upskill Your Cyber Strategy

Network Security