FBI issues alert for IoT device security

By 2020, a staggering 26 billion IoT-enabled devices will be installed worldwide
By Erin McCann
10:57 AM

When the Federal Bureau of Investigation issues an alert to healthcare organizations and others warning of the serious cyber risks the Internet of Things presents, it's probably best to pay attention.

For healthcare security folks, this means paying closer attention to the myriad IoT devices within their organizations. And they're not necessarily all the devices you might think of. They also include things such as HVAC remotes, Wi-Fi cameras, insulin dispensers, thermostats, and any type of wearable or other medical device. These devices, FBI officials said, are notorious for having serious security deficiencies. This, combined with the difficulty of patching vulnerabilities, makes these IoT devices an attractive target for cybercriminals.

So what are the most pressing IoT risks, according to the FBI?

The first is exploiting the Universal Plug and Play protocol to gain access to these devices.

The next involves taking advantage of default passwords to transmit malicious and spam emails or swipe personal and financial data. There's also the risk of cybercriminals overloading these devices, effectively rendering them inoperable, which could have serious consequences in the realm of healthcare.

FBI officials specifically underlined the risk of criminals gaining access to unprotected devices used for remote patient monitoring or medication dispensing.

"Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection," they wrote in the alert.

So what can you actually do about all this? The FBI offered a list of recommendations.

1. Keep up-to-date with security patches for these devices.
2. Ditch any default passwords you may still have and make them stronger: "Do not use the default password determined by the device manufacturer," since many can be found online.
3. Disable UPnP on routers.
4. Isolate IoT devices on their own protected networks.

How big exactly is IoT? One Gartner report concluded that by 2020, a staggering 26 billion devices will be installed worldwide and connecting with each other.

For healthcare, specifically, the IoT represents an economic impact ranging from $170 billion to a whopping $1.6 trillion each year by 2025, according to a report by McKinsey & Company.

This is not the first time FBI officials have issued a cybersecurity alert to healthcare groups and others. In April 2014 it warned healthcare providers specifically that they needed to shape up their security readiness.

"The healthcare industry is not as resilient to cyber intrusions compared to the financial and retail sectors, therefore the possibility of increased cyber intrusions is likely," according to the FBI notice, which was obtained by Reuters.