A Band-Aid Approach Won’t Secure Healthcare Networks

Eduard Serkowitsch | July 12, 2017
Years ago I read a great short story by former Google executive Christian Baudis. This story described a day in the life of a man whose every move was tracked by devices. Life as he knew it was dominated by an environment that looked a lot like the Internet of Things (IoT) taken to a sci-fi extreme. For example, in this fictional world, cash didn’t exist; payment was done by a chip attached to human skin.
Another device was a health-tracking scanner that changed the way practitioners managed patient care. It created a need for more IT administrators with minimal backgrounds in human biology and medicine. They were called DQPs, which was short for “Digital Quality Providers.”
It was a fascinating story.
Today, I came across an article in a newspaper that described a cool healthcare innovation: smart bandages. These bandages will use 5G and wireless networks to track the healing process. To me this is super interesting, especially because I’m a sports fanatic and there are so many applications for this technology to treat injuries of all kinds. In today’s “modern” medicine, you don’t know if an injury is healed until you unwrap the bandage, which usually requires another trip to the doctor to give you the thumbs-up.
Imagine if you could unwrap the bandage at home after an app dictates it’s safe to do so. The smart bandage app is continuously connected to a server, collecting, monitoring and correlating data—and gathering results that can be shared digitally with a healthcare provider as needed. Very cool.
Let’s assume you have a smart bandage and the server that is collecting your data is hosted in a datacenter with the necessary protection from outside access like a firewalls, intrusion prevention systems and advanced threat protection systems. Sounds pretty safe, right?
But what about access from within? What if an adversary — a rogue user or disgruntled administrator — uses the LAN to gain access to the server? What if the smart bandage itself is hacked into and the data is manipulated or tainted in some way? A determined hacker could easily access your health records and possibly provide instructions based on incorrect data. That same hacker could even gain access to other sensitive data available digitally on the hospital network.
We’re seeing broad and rapid adoption of IoT devices, especially in the healthcare space, but with a profound lag in cybersecurity precautions. Being able to see these connected devices and being able to control and manage them is imperative when it comes to minimizing the vulnerabilities these connected devices can create.
The moral of the story: the IoT is cool and new use cases and innovations are becoming available daily, proving that Christian Baudis’ vision of a connected world wasn’t very far off. But keep in mind, proper visibility and control of IoT devices is key to keeping networks (and patients) safe.
Toll-Free (US): 1-866-377-8771
Tel (Intl): +1-408-213-3191
Support: +1-708-237-6591
Headquarters
190 W Tasman Dr.
San Jose, CA, USA 95134