Close this search box.

IoT Security: Risk in +50% of Medical Devices

More than half of the real-time connected IoT medical devices in hospitals currently pose IoT (Internet of Things) security threats due to existing critical vulnerabilities that can considerably compromise patient care.

This is shown in the report

State of Healthcare IoT Device Security Report

2022 report from Cynerio, a company that develops IoT security platforms for healthcare.

According to the survey, 53% of the Internet-connected medical devices analyzed had a known vulnerability; for every smart device connected at the bedside, one-third were identified as presenting a critical risk.

Cynerio analyzed more than 10 million IoT medical devices in more than 300 global hospitals and medical facilities.

The report warns that if these medical devices were accessed by cybercriminals, it would affect service availability, data confidentiality, and even patient safety.

IoT security in healthcare: a major target for cyber attacks

And even with continued investments in cybersecurity, critical vulnerabilities remain in many of the medical devices that hospitals rely on for patient care.

In practice, healthcare institutions need advanced solutions that mitigate risks and enable them to fight back against cyber attacks, it could mean life or death for patients.

Of all medical IoT devices, the report found that infusion pumps are the most common device with some type of vulnerability at 73%, especially since they represent 38% of a hospital’s IoT.

If criminals hack into an IV pump, it would directly affect patients, since they are directly connected to their users.

Some of the main causes of vulnerabilities found in healthcare facilities result from relatively simple things, such as out-of-date programs.

For example, the report found that most IoT medical devices were running older versions of the operating system.

In addition, default passwords, used on every smart device, across the organization are common risks, especially since these credentials are weak and protect about 21% of smart devices.

In fact, healthcare has become the number one target of cybercriminals in recent years, mainly due to outdated systems and insufficient cybersecurity protocols.

Growing IoT Adoption Has Advantages and Vulnerabilities

The Internet of Things has over the years brought immense advantages to medical organizations and their patients.

From giving patients clearer visibility into their treatment to reducing some of the cost, access, and care coordination challenges currently facing the healthcare industry, IoT is poised to change the way we keep individuals healthy.

According to the report

Global Market Insights report

, the global healthcare cybersecurity market is expected to increase above $27 billion by 2025, with a CAGR of 19.1% from $8.2 billion in 2018.

The Internet of Medical Things (IoMT) has offered a simple doorway for cybercriminals trying to misuse and profit from vulnerabilities.

Open Source Cybersecurity Intelligence Network and Resource
states that there are, on average, 6.2 vulnerabilities per medical device.

Considering the sheer volume of IoT medical devices currently present in clinics and clinical environments, this shows a picture of high risk regarding IoT security.

IoT security poses risk to patient care

Because edge devices are absent in a secure network environment, it is simpler for cybercriminals to control the connected medical device, for example, a health assessment device, portable ventilator, or insulin pump, which sends crucial information to the hospital.

In addition, many of these devices are with default passwords and inaccessibility firewalls that make them more vulnerable.

Cybercriminals can gain access to the device to deploy harmful code and make unapproved modifications to the device’s software.

Appropriate anti-malware mechanisms should be in place to ensure the integrity of the device and protect it from spyware and Trojan attacks, thus ensuring IoT security.

Also regarding IoT security, healthcare institutions should still ensure the device is configured with strict password policies.

Compliance with the General Law on Data Protection (LGPD) is also required for equipment used to obtain patient health information.


An organization is only as strong as its weakest link

This means it is more important than ever that healthcare organizations protect and invest in IoT security on all network-connected devices.

Implying the implementation of a solution that can track all traffic to and from IoT devices, as well as limit who and what each device can talk to.

Finding a way to secure and track what machines and devices are doing is crucial. In addition, a vigorous, strong, cloud-oriented network infrastructure is critical.

As medical organizations seek to access the benefits of IoT devices, many of them become obvious targets for cybercriminals.

Getting the right infrastructure and processes in place to protect your frontline will help prepare for the correct and safe use of devices, as well as have the best patient outcomes.

CipherTrust Data Security Platform is the right solution for your hospital to ensure IoT security

The CipherTrust Data Security Platform solution is an important technology resource that can be associated with the use of the Internet of Things (IoT), further extending the security and protection of data.

According to IDC, more than 175 zetabytes of data will be created by 2025, and today more than half of all corporate data is stored in the cloud.

To address the complexity of IoT security, the CipherTrust Data Security Platform solution provides strong capabilities to protect and control access to sensitive data in databases, files, and containers. Specific technologies include:

CipherTrust Transparent Encryption

Encrypts data in on-premises, cloud, database, file, and Big Data environments with comprehensive access controls and detailed data access audit logging that can prevent the most malicious attacks.

CipherTrust Database Protection

It provides transparent column-level encryption of structured and confidential data that resides in databases such as credit card, social security numbers, national identification numbers, passwords, and e-mail addresses. Fundamental to ensuring IoT security in healthcare facilities.

CipherTrust Application Data Protection

It offers APIs for developers to quickly add encryption and other cryptographic functions to their applications, while SecOps controls the encryption keys.

CipherTrust Tokenization

It offers application-level data tokenization services in two convenient solutions that provide customer flexibility – Token without Vault with dynamic policy-based data masking and Tokenization in Vault.

CipherTrust Batch Data Transformation

It provides static data masking services to remove sensitive information from production databases, so that compliance and security issues, directly linked to the IoT security issue, are alleviated when sharing an information database with a third party for analysis, testing, or other processing.

CipherTrust Manager

It centralizes keys, management policies, and data access for all CipherTrust Data Security Platform products and is available in FIPS 140-2 Level 3 compliant physical and virtual formats.

CipherTrust Cloud Key Manager

It offers its own key lifecycle management (BYOK) for many cloud infrastructure, platform, and software-as-a-service providers.

CipherTrust KMIP Server

It centralizes key management for the Key Management Interoperability Protocol (KMIP) commonly used in storage solutions.

CipherTrust TDE Key Manager

Centralizes key management for encryption found in Oracle, SQL and Always Encrypted SQL.

The portfolio of data protection products that make up the CipherTrust Data Security Platform solution enables healthcare organizations to protect data at rest and in motion across the entire IT ecosystem and ensures that the keys to this information are always protected and only under your control.

It simplifies IoT security over data, improves operational efficiency, and accelerates compliance time. Regardless of where your data resides.

The CipherTrust platform ensures that your data is secure, with a wide range of proven, industry-leading products and solutions for deployment in data centers, either those managed by cloud service providers (CSPs) or managed service providers (MSPs), or as a cloud-based service managed by Thales, a leading security company.

Tool portfolio ensuring data protection in IoT devices

With data protection products from the CipherTrust Data Security Platform, your healthcare organization can:

Strengthen security and compliance

CipherTrust data protection products and solutions address the demands of a range of security and privacy requirements, including electronic identification, authentication and trustThe Payment Card Industry Data Security Standard (PCI DSS), the General Data Protection Act (LGPD), and other compliance requirements.

Optimizes staff and resource efficiency in IoT devices

CipherTrust Data Security Platform offers the broadest support for data security use cases in the industry, with products designed to work together, a single line for global support, a proven track record of protecting against evolving threats, and the industry’s largest ecosystem of data security partnerships.

With a focus on ease of use, APIs for automation, and responsive management, the CipherTrust Data Security Platform solution ensures that your teams can quickly deploy, secure, and monitor the protection of your business.

In addition, professional services and partners are available for design, implementation, and training assistance to ensure fast and reliable implementations with minimal staff time.

Reduces total cost of ownership

CipherTrust Data Security Platform’s data protection portfolio offers a broad set of data security products and solutions that can be easily scaled, expanded for specific use cases for IoT security, and have a proven track record of protecting new and traditional technologies.

With CipherTrust Data Security Platform, healthcare institutions can prepare their investments for the future while reducing operational costs and capital expenditures.

About Eval

With a track record of leadership and innovation dating back to 2004, Eval not only keeps up with technological trends, but we are also in an incessant quest to bring news by offering solutions and services that make a difference to people’s lives.

With value recognized by the market, EVAL’s solutions and services meet the highest regulatory standards of public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.

About the author

Other posts