How hospitals can navigate overlooked IoT risks

An Internet of Things expert from Travelers discusses equipment maintenance software, smart screens and IoT-linked cabinets.
By Bill Siwicki
02:09 PM
Share
doctor using smartphone

The global healthcare sector will spend nearly $270 billion on Internet of Things devices and services by 2023, according to P&S Market Research. But with the explosive growth of IoT in healthcare, there are plenty unintended consequences and risks – some that few people are talking about.

For example, equipment maintenance software can help prevent IoT-linked MRI machine outages – but also opens up these machines to increased vulnerability to hackers, said Patty Nichols, medical technology practice lead and an IoT expert at Travelers

"Any machine that is network connected has software that will periodically require updates," said Nichols. "This maintenance is a major part of the software application development life cycle. However, the always-on nature of IoT makes patches and service releases particularly challenging because there is no concept of scheduled downtime; updates need to be applied when devices are in use."

Apps that can accommodate a real-time "push" service pack installation without compromising performance levels during the installation are best as hackers are quick to identify and exploit weaknesses in software, she added.

All networks and databases require regular updates to patch vulnerabilities that cyber criminals can exploit to access data. However, not all businesses practice timely patch management, and poor vendor management can be to blame.

"To help eliminate this IoT-linked vulnerability, hospitals should perform due diligence on vendors and involve IT security in the decision-making process," Nichols advised. "Look for vendors who build in security from the start, where every phase of IoT device development – from product design and development to testing and customer service – interfaces with security engineers so that vulnerabilities are discovered and addressed before a product or device is used in a hospital."

Securing real-time patient tracking tools

On another overlooked front, caregiver IoT-linked smart screens help track patient information in real time across the hospital, but outages or errors can lead to incorrect patient treatment and subsequent lawsuits, Nichols said.

"Caregiver smart screens are one example of how IoT can help make healthcare operations more efficient," she explained. "These screens give doctors and nurses access to critical information, including drug allergies and prescriptions, and provide convenience, enabling nurses and aides to easily document patient vital signs on a touch screen, which then updates the electronic medical record."

However, there are risks that accompany these benefits. Suppose a software glitch results in the deletion of critical patient data, like an allergy. A doctor could view the altered records and give the affected patient medication that leads to an allergic reaction.

"This example of the impact of inaccurate health records is one risk scenario that could lead to bodily injury," Nichols said. "Understanding what could go wrong with any technology that a hospital uses is a critical first step. Hospitals should determine if the med tech vendors have product liability and errors and omissions liability coverages."

Securing RFID to manage inventory

Another example of overlooked healthcare IoT issues: RFID-equipped IoT-linked cabinets track supplies and help manage and optimize inventory, but tampering or simple human error can lead to an undersupply of critical medical products, Nichols noted.

"Hospital inventory management relies on a delicate supply chain and is often subject to human error," she said.

"These IoT-linked cabinets have the potential to eliminate inventory worries, but tampering is a challenge that needs to be dealt with and simple human error is still a concern."

Best practices for reducing the risks in this scenario include limiting access to the cabinets, requiring strong passwords and encrypting critical data elements, she advised. Reducing the number of people with access to only those necessary and qualified can help lessen the odds of simple human error and tampering, and increasing cybersecurity measures also helps protect the cabinets, she advised.

Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com