Privacy Tip #190 – Internet of Medical Things (IoMT)
These days, pretty much everyone is aware of potential security incidents and the risks involved with Internet of Things (IoT) devices because security was not built into the device during the manufacturing process, but there is less awareness of the risks associated with the Internet of Medical Things (IoMT).
Just like IoT devices, such as home security systems, TVs, coffee pots, cameras, fitness monitors and baby monitors —all of which are hackable—IoMT devices are those devices and monitors designed and manufactured to be used in the medical industry, such as heart monitors, pacemakers, drug monitoring devices, and radiology systems. All of these monitors and devices are also connected to the Internet, but they may be implanted in our bodies or ingestible. They are able to monitor our medical condition and report back electronically to our physicians or the electronic medical record of a hospital.
Although these IoMT devices are meant to improve our health, they are no different than home security systems, baby monitors, or fish tanks that were designed and manufactured without data security imbedded in them. That means that they are hackable as well. And that means that intruders can not only hack into our homes, but now they also can get into our bodies.
A new survey by Fortinet (see article for FierceHealthcare written by my friend and student Sonia Arista here) “reveals two noteworthy trends regarding the state of security in healthcare as well as what care providers need to do next.”
According to the article, the risk of IoMT is high, and one of the top threats is IP-enabled cameras being used in hospitals. “Compromised cameras could not only be used to obscure malicious onlsite activities or prevent healthcare providers from monitoring patients, but they could also open an entry point into connected cybersystems from which cybercriminals could launch DDos(distributed denial of service) attacks, steal personally identifiable information, initiate a ransomware attack, and more.”
Many physicians are unaware of the security risks of IoMT devices. When considering the use or surgical implanting or ingesting of a device that can be monitored digitally, discuss the security risks with your physician, and do some online research on the data security measures that are taken, and publicly disclosed, by the manufacturer of the device. If you can’t find any information about the data security of the device in a public search, then data security is probably not a high priority for the company. Don’t rely on your physician to have done any such research—do it yourself, and do it before something is implanted in you. The last thing you want is to be notified that the device has to be removed in order to update a security patch, as many patients have had to do with pacemakers.