When your smart thermostat fails, your home may get a little overheated. The breach of a security camera might result in a break in or a stolen package off the front porch. But failure of an Internet-connected heart monitor or the hacking of a device configured to remind an elderly patient to take their hypertension medicine could have far more serious or even fatal consequences.
There are those that call the Internet of Medical Things (IoMT) the silver bullet for help in addressing runaway healthcare costs but the lack of strong industry-wide security, performance, and operational standards presents some serious challenges. As more and more IoMT devices flow into the healthcare system—either as a result of pressures that the pandemic has put on the healthcare industry, or as a response to the rising interest in virtual care—, a projected $446.52 billion market by 2028, the list of concerns per device grows right alongside it. From loose-fitting FDA guidelines on device security, to the instability of an over-burdened wireless network, the panacea of IoMT is proving to be a “Pandora’s Box” for healthcare IT.
Might We Suggest….
Minimal guidelines and regulations are allowing IoMT device manufacturers to create their own rules. Suggestions abound for how a device should be installed and operated but current standards are minimal and security breaches are a near daily occurrence. The Federal Food and Drug Administration issued non-binding recommendations for the Management of Cybersecurity in Medical Devices back in 2016 but many consider the FDA’s guidance document to be just that, guidance, with no real enforcement of standards or requirements for reporting. In short, regulations for IoMT devices are about as strong as a parent’s request to a two-year old to eat their fruits and vegetables.
The Cow is Out of the Barn
An equally disturbing threat may be to the health system’s network itself. The widely-respected enterprise security website CSO summed up growing vulnerabilities this way; “The IoMT has rendered traditional perimeter security almost obsolete. Once a threat is successfully inside, there are usually few security measures in place to detect it or slow it down.” CSO cites FDA statistics reporting 164 cyber-threats detected for every 1,000 connected host devices.
IoMT devices are designed to solve problems, collect data, and monitor activity. Most were not designed for security. Firmware upgrades and software patches are difficult if not impossible to perform when the device is in use (it’s hard to shut down a patient’s heart monitor for monthly maintenance!). In some cases, the device is literally screaming, “hack me.”
And Then There’s Performance
Healthcare IT networks are often stretched to the breaking point. Add IoMT devices to the plethora of hardware already on a system and technical staff and high quality, consistent performance is challenged. Data integrity is key when utilizing a wearable device to track vital signs used to determine the progression of a chronic illness. A device outputting inaccurate data can result in the scheduling of unnecessary procedures, improper dosing of medication, or worse.
The Internet of Medical Things may yet prove to be a game changer but until then, those of us in healthcare IT need to keep a close hand on the controls.