GAO points to IoT safety and security concerns in healthcare

IoT cellular (pixabay)
More hospitals are using IoT devices, but the GAO says cybersecurity risks are concerning.

Information security, data privacy and safety are among the key challenges facing internet of things (IoT) integration in the healthcare industry.

IoT devices are becoming more ubiquitous throughout nearly every industry, and a new report from the Government Accountability Office (GAO) notes that the IoT is creating an increasingly connected world that provides businesses and consumers access to streamlined data.

But the watchdog agency’s report also focused on several critical concerns that arise from the proliferation of IoT devices, including cybersecurity vulnerabilities in many medical devices.

RELATED: Medical devices are the next big target for hackers

Researchers and industry experts explained how medical devices with built-in wireless connectivity can be compromised. One expert pointed to an instance in which a ventilator manufacturer’s firmware update was hacked and infected with malware, “putting the patient’s health at risk.”

According to the report, another expert said there “is no security on implantable medical devices, making them easily hackable.”

“Without proper safeguards, these systems are vulnerable to individuals and groups with malicious intentions who can intrude and use their access to obtain and manipulate sensitive information, commit fraud, disrupt operations, or launch attacks against other computer systems and networks,” the GAO report stated, referring to IoT devices generally. “The threat is substantial and increasing for many reasons, including the ease with which intruders can obtain and use hacking tools and technologies.”

RELATED: For hospitals defending against cyberattacks, patch management remains a struggle

Although healthcare organizations have begun to embrace the IoT given the potential to access real-time data and the ability to focus on issues like patient falls, last week’s WannaCry ransomware attack may put those benefits in perspective, particularly since several U.S. companies reported infections in their medical devices.  

RELATED: FDA debunks 4 medical device cybersecurity myths

The FDA has said it plans to prioritize cybersecurity within medical devices in 2017. The agency has recently come down on Abbott to fix vulnerabilities within its St. Jude Medical cardiac devices.