Cybersecurity and IoMT
Human Cost in Healthcare Increases Criticality
by Charles Parker, II
The healthcare industry is interesting. This appears to be relatively straight-forward with the patient
care staff and patient interactions. When you think through the full operation, there is much more
involved through the entirety. Each step isn’t mainstream within the operations and is diverse. With all
these attack points, the healthcare CISOs have their work cut out for them every day. This could include
all the usual suspects (e.g., ransomware, phishing, supply chain compromises, data breaches, and social
engineering).
One area gaining more traction and attention is IoMT. We’ve heard of IoT, especially with refrigerators,
coffee makers, thermostats, and light bulbs. IoMT is differentiated from these as the focus are the
medical devices. These may include the medical operational technology (OT) with wearable blood
pressure devices, insulin pumps, ingestible sensors, remote patient care devices, and other monitoring
devices.
The security has gotten better with these with the various technological improvements, e.g., BLE versus
Bluetooth. This is a product of security starting to be built into the product sooner than later. There are
still issues with misconfigurations, web app code the Dev Team thought was removed, and other issues.
As these devices interact more with patients, the risks increase substantially. Any security issues are
amplified with the potential loss of life. This amplifies the need for security to be implemented early on
with the Dev Team, and applied with the current version, not two or three versions down the line. A
concentrated, thorough application of security with the software and hardware will significantly reduce
the potential for incidence, which will allow your CISO to get a better night’s sleep.
About the Author
Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.