Experts weigh in on how to defend against cybersecurity threats to connected digital health devices

By Bill Siwicki
Share

Seventy-eight percent of business professionals, including healthcare executives, believe the threat from the so-called Internet of Radios will increase in the next 12 months, according to a new study from Bastille Networks Internet Security, a vendor of enterprise threat detection technology and services.

The Internet of Radios is the collection of Internet of Things, mobile, medical and other devices that use radio frequency to communicate.Bastille identified the following as the top 10 Internet of Radios security vulnerabilities, in order from top to bottom:

1. Rogue cell towers, also known as “stingrays” and “IMSI catchers”
2. Rogue Wi-Fi hotspots
3. Bluetooth data exfiltration (tethering)
4. Eavesdropping/surveillance devices (for example, conference room bugs)
5. Vulnerable wireless peripherals (mice/keyboards)
6. Unapproved cellular device presence
7. Unapproved wireless cameras
8. Vulnerable wireless building controls
9. Unapproved Internet of Things emitters
10. Vulnerable building alarm systems

“With the rise of mobile, wireless and IoT devices in the healthcare workplace, there’s a significant gap between security awareness and preparedness in the healthcare industry as many of these devices contain vulnerabilities that hackers can exploit and use as a portal for entry into a healthcare organization’s network,” Bastille CEO Chris Risley said.

 Half of the 300 business professional survey respondents, in fact, indicated that Internet of Things devices are already impacting security. 

So what can healthcare organizations do to bolster the security of devices that use radio frequency to communicate? Risley offered some suggestions.

Know your employees

“Healthcare organizations can begin by understanding employee behavior and the types of devices entering their offices that could pose a danger to network infrastructure,” he explained. “Large organizations with sensitive data want to know the movements of devices in their environment in order to get full situational awareness of all the activity in the radio frequency spectrum within their combined premises.”

Monitor devices in your airspace

Next, healthcare organizations should deploy technologies that offer visibility into Internet of Radios devices inside their organizational airspace, whether the devices are owned by the healthcare organization or brought in from the outside, Risley said.

“The only way to prevent these sorts of devices from being exploited is to continuously monitor hospitals and other healthcare facilities for radio-enabled devices that contain known vulnerabilities,” he added. “Only after a vulnerable device has been identified can it be patched.” 

Learn from others

Several cyberattacks recently have been demonstrated against radio-enabled healthcare devices, Risley added. For example, one showed that there are vulnerabilities in the communication protocol that is used to control Johnson & Johnson Animas OneTouch Ping insulin pumps, he explained.“The vulnerability allows hackers to remotely and surreptitiously control the amount of insulin that is delivered,” he added, “which presents a stark health hazard.”