Security in Internet of Things-Based Healthcare System
Internet of Things (IoT), which was introduced over two decades ago, is a disruptive technology highlighting the interrelation between physical objects and the virtual world. The healthcare sector is one of the significant areas for the applications of IoT. A typical hospital deploys several connected devices comprising implantables, wearables, workflow, monitors, etc. Despite all the advantages, several IoT devices lack robust security.
The nature of the IoT technology, including the “openness” of the distributed environment and medical devices, gives rise to complexity issues. Digital security is generally an afterthought, however modern the digital device is. Thus, the confidentiality, integrity, and availability of IoT devices are compromised. Once hospitals let their guard down, hackers will take advantage of the weaknesses of devices and cause functional disruptions in IoT systems. The traditional security requirements for responding to attacks may not be helpful because of the limitations of medical devices, including power consumption and operability. Most medical IoT devices fail to support encryption. Anytime a medical IoT device is utilized for connecting with a hospital network, there is a risk of a halt in progress. Thus, the healthcare sector should prioritize technologies like IoT that save time and lives.
IoT Healthcare Elements and their Risks
Innovations in healthcare are getting more versatile and cost-effective thanks to the development of several healthcare-enabled technologies based on IoT. These comprise identification technology, communication and location technologies, and service-based architecture. One example of healthcare IoT implementation is intellectual continuous glucose monitoring (CGM). One in ten adults in the world is a person with diabetes who requires continuous control and treatment. CGM devices let diabetics track the level of glucose in their blood every day. Intellectual CGM systems even send the data regarding the patient’s glucose levels to their mobile gadgets to check the present diabetes status and predict future status. Besides supporting diagnosis, IoT healthcare devices also ensure health treatment adherence. Once the devices are connected to mobile apps, patients can get reminders for self-adherence checking.
Though the risks are not that severe compared to the advantages of IoT, not paying attention to the risks for a long time can lead to severe repercussions for the healthcare domain. IoT faces data security issues. Every new device or node included in an IoT network increases the risk of data loss and unauthorized access. Real-time health systems (RTHS), like the CGM discussed above, function by gathering data constantly from patients. These systems can potentially be hacked, and the data can be stolen. Electromagnetic radiation effect and signal strength are concerns in hospitals. Besides, loss of privacy can have severe consequences since specific private information must remain confidential. Therefore, the key is ensuring privacy while offering superior care based on the data generated through IoT devices.
To mitigate the risk, frameworks such as COBIT 5 (Control Objectives for Information and Related Technologies) concentrate on the enterprise level, and the solution is not limited to the IT domain. COBIT 5 also looks into other factors, including enhancing and maintaining high-quality information to support business decisions and utilizing technology to promote operational excellence.
Healthcare IoT system’s security requirements, cybersecurity and cyber resiliency
To prevent data leakage in the healthcare sector, the Health Insurance Portability and Accountability Act (HIPAA) has provided physical and technical safeguards. That said, given the immense capabilities of IoT systems, their security requirements are moving a step beyond the cybersecurity approach to the cyber resiliency approach. The latter consists of features including prevention, prediction, autonomic computing, and fault tolerance, encompassing all threats and attacks, whether known or unknown. Both cybersecurity (traditional) and cyber resiliency (novel) requirements should be considered in order to achieve the required level of trustworthiness in an IoT-based healthcare system.
Several IoT medical devices stream data and information with repeatable frequency. However, protecting IoT traffic from many devices and sensors can be daunting. With innovations including medical device data being securely tunneled and monitored for threat analysis, building security into the design of connected medical devices is not far-fetched. Network segmentation, hardware protection, data encryption, and EMI shielding are some practical ways of taking care of the cybersecurity of IoT-driven medical practice.