"The threat surface grows exponentially with the IoT as each added population of "things" extends and potentially thins the garrison walls, increasing the burden on the CIO's organisation. For most HDOs, IoT populations will number the greatest outside the traditional boundary of the hospital system, mostly centred on patients and their homes," the report said.
Most attacks are centred on identity theft, and large populations of diverse IoT devices without proper security measures in place give attackers a rich, lucrative opportunity to exploit.
"Cyberattacks can take advantage of the inherent properties of IoT devices, such as communication broadcast capabilities, dependence on battery power, lack of security certificates, and in some cases, their mobility. Examples of attack types that can use these device properties against the devices are: man-in-the-middle attacks, route diversion attacks, and denial-of-service attacks," the report said.
So what can be done? The report recommended healthcare CIOs mitigate IoT security risks by using a blended approach that includes security methods taken from mobile, cloud, industrial control, automation and physical security.
It suggested CIOs redefine the device security strategy to address new types of vulnerabilities introduced by IoT infrastructures by including embedded trust, device identities/credentials and real-time visibility and control. It also suggested CIOs enable the scale necessary for a successful IoT security strategy by creating a security plan that includes cloud-based solutions.
"CIOs can prepare their departments for the introduction of the IoT by first gaining an understanding of IoT architecture and execution models. Then, they should combine this new IoT awareness with knowledge about how IoT structures interact with the existing traditional IT architectures within the HDO.
"From this informed position, CIOs can guide their organisations to build the foundations necessary to ensure the security of delivered IT services when faced with IoT risks," the report advised.
"The time to take action to thwart the risk of IoT in the HDO is now. In the next several years, HDOs will experience exponential growth of smart devices across the depth and breadth of the enterprise. 2017 needs to be the year to start efforts to put policies and practices in place," the report said.
Source: CIO Australia