Healthcare News & Insights

FBI gives 5 ways to protect IoT devices from hackers

Before using Internet-connected devices on a regular basis, hospital leaders need to ask themselves if the benefits are worth the risk to patients’ data. 

Flag FBIMore hospitals are considering implementing the use of mobile health (mHealth) IT and Internet of Things (IoT) technology, the term given to devices and equipment that can connect to networks.

However, they also must consider the cybersecurity pitfalls of IoT devices. Reason: The Federal Bureau of Investigation (FBI) recently warned the public about the risk for cyberattacks on IoT technology.

IoT benefits

It’s true that IoT devices offer organizations a wide variety of benefits, particularly in ambulances and emergency departments, as CIO.com notes.

Some organizations are seeing good results by using IoT devices to help track ambulances and communicate patient data with provider onboard.

IoT and mHealth technology also give facilities a method to cut down on costly inpatient and readmission visits by monitoring patient symptoms and vitals remotely.

Some believe IoT devices can also improve drug management. Although more development and research is needed, some companies are creating edible “smart” pills which can monitor medication routines and symptoms.

There are also some devices which can help with medication management by prompting patients with alerts when they need to take certain drugs.

Cost cutting and efficiency continue to be important factors in value-based reimbursement, so IoT technology can bring a good return on investment if used effectively.

However, it’s important for leaders to choose their systems carefully, since data security is the main pitfall for most IoT devices.

FBI warning

Like most new technologies, despite the potential benefits, there are also considerable pitfalls leaders have to consider before purchase and implementation.

Earlier this year, the government told providers to stop using an older model of medication infusion pump, which operated on a program that was vulnerable to potential cyberattacks.

Now, the FBI released a PSA about IoT devices, warning the public, enterprises and healthcare organizations about the cybercrime potential IoT devices create.

According to the FBI, “deficient security capabilities and difficulties for patching vulnerabilities in these devices, as well as a lack of consumer security awareness,” gives cyber criminals opportunities to steal information or cause other damage.

IoT devices, which use the Universal Plug and Play Protocol (UPnP) to connect to networks without authentication, are especially at risk of cyberattacks, the FBI said.

However, the feds also propose several ways to keep IoT devices protected, including:

  • keeping IoT devices on separate, isolated networks
  • disabling UPnP on routers
  • updating default passwords on devices to stronger passwords (ideally facilities should change passwords several times a year)
  • updating devices with security patches when possible, and
  • informing patients about device capabilities and risks when prescribed for at-home use.

The FBI announcement highlights the importance of only buying IoT devices from vendors with strong security track records. So be sure your facility has a process for vetting potential vendors or business associates on their cybersecurity understanding and capabilities.

Subscribe Today

Get the latest and greatest healthcare news and insights delivered to your inbox.