Healthcare provider CIOs are being warned to rethink IoT cybersecurity risks this year in light of the vulnerabilities that will accompany the technology, according to new research from Gartner.
"By 2020, more than 25 per cent of identified attacks in healthcare delivery organisations will involve the IoT," according to the report, which is part of a series of 'Top Actions' notes written by analyst Gregg Pessin for healthcare provider CIOs.
"IoT offers a brave new world of value to healthcare provider organisations through its ability to collect and send detailed data from almost every aspect of daily operation in a healthcare facility," according to the report.
"This data includes specifics from how the facility is performing physically (heating/cooling/lighting) to patient condition - both within the hospital and at home - with many more use cases to be discovered.
"This data creates vital contextual visibility and input to analysis engines that enable the situationally aware views of provider processes and, in turn, enable the data's true value - the operational intelligence capabilities of the real-time health system (RTHS)," Gartner said.
IoT in the healthcare arena is not one technology - instead it's the integration of several types of systems that sense and collect data from the environment, analyse the data, and take action upon that data to accomplish clinical and business goals.
While IoT offers the benefit of significantly increased situational awareness surrounding the patient and hospital operations, it also comes with "new and unfamiliar cybersecurity risks."
"IoT solutions can change the state of a digital environment, in addition to generating data, but "this variability of state requires a new view of cybersecurity," the report said.
IoT environments consist of mostly unattended endpoints, which create easily avoidable vulnerabilities for HDO IT infrastructures.
"The HDO represents the enterprise - the set of applications, processes and services that can be called by the IoT platform to accomplish the hospital's objectives. Many IoT platforms also include APIs that enterprise applications can use to extract data from the platform for their own purposes," the report said.
Machine to machine (M2M) authentication works for newer IoT devices but does not include legacy devices, creating trust gaps between devices and gateways, the report noted.
With IoT pushing the boundary of IT outside of the traditional HDO IT environment, there's a need to architect and strategise current security solutions. New security concerns introduced by the exchange of data from "things" include: data integrity; data authenticity; and data confidentiality.
"Because these new attack vectors are data-centric, they represent a significant digital threat to the HDO. The standard implementations of protected health information (PHI) defence, access control, authentication and infrastructure resilience are all pushed to their limits with the introduction of the IoT to the HDO environment," the report said.
Sign up for CIO Asia eNewsletters.