7
min reading time
In recent years, the Internet of Things (IoT) has grown from arising technological innovations and inventions to devices and equipment that form part of our daily lives. Smart cars, office buildings, homes, and industries, as well as wearable devices and smart sensors, are ushering in anew era of digitization. However, there are sectors -such as healthcare-, in which IoT is of particular importance.
Internet of Medical Things (IoMT) is a collective name for connected devices, applications, and networks that are responsible for convenience and faster communication in patient care, maintaining human health, and, in some cases, even for life. Its technology is developing extremely fast,including the related IoMT hardware, sensors, data processing software, and specialized infrastructure. It is often called the healthcare IoT.
In this article, we will take a closer look at theInternet of Medical Things and demonstrate why cybersecurity plays a criticalrole in these smart healthcare solutions.
The Internet of Medical Things (IoMT) is often referred to as healthcare IoT. IoMT is a collection of hardware, medical equipment, and software that is connected with healthcare information technology systems via online networks.
Internet of Medical Things includes:
● Networks and gateways that transfer data foradditional processing.
● Data sources and sensors that instantly captureand collect medical symptoms.
● Data interpretation applications and software that provide special medical-related services.
● Services for data storage and management to handle vast volumes of raw data and extract relevant information.
Healthcare devices with wireless connections (wi-fi, bluetooth, zigbee, etc.) enable machine-to-machine communication and flexible data processing which is the foundation of the Internet of Medical Things. The majority of the data that is transferred through these systems is considered sensitive personal information.
According to Deloitte,the Internet of Medical Things market is estimated to be worth $158.1 billion in 2022 and isconstantly growing. However, this rapid growth and spread of use come with a price: authorities that supervise and regulate these systems have a hard time keeping up with the pace of development, therefore IoMT cybersecurity compliance is definitely a concern that should be addressed.
Although both are used in healthcare, it is important to know that the Internet of Medical Things is not the same as smart medical devices. Learn more about the importance of medical device regulations from a cybersecurity point of view in our previous article.
On-body IoMT refers to wearable medical equipment linked to remote tracking or monitoring systems. On-body IoMT, as opposed to in-house IoMT, may frequently be utilized outdoors. Devices with glucose sensors are an excellent example of on-body IoMT. Diabetic individuals can wear them to monitor glucose levels constantly. The majority of these wearables immediately exchange data with the patient's clinician to facilitate prompt and precise treatment.
Patients are able to automatically transmit their medical data (i.e.: blood pressure or oxygen saturation etc.) to their healthcare provider or a hospital in real-time using the in-home Internet of Medical Things. This can help to prevent hospital read missions by identifying problems before they become critical.
Community IoMT refers to the use of Internet of Medical Things devices over an extended geographic area. Mobility services, paramedics, and first responders employ these emergency response IoMT systems to track patient conditions outside of the hospital.
Hospitals and clinics have to control the quality and supply of their medical assets over time, as well as understand how employees and patients move within the facility. Healthcare staff employs Internet of Medical Things sensors and other monitoring technologies to track all of these contacts so that administrators may have a thorough view of the hospitals' daily operations.
As more IoMT devices and applications become accessible to patients that are connected to different networks to send data to physicians and hospitals, they become more vulnerable to hacking. This issue is exacerbated by the fact that the data is shared across numerous systems, resulting in various attack possibilities.
Any exploited vulnerability in the Internet of Medical Things may allow cybercriminals to perform a variety of maliciousactions, including
● gaining control of the IoMTequipment,
● stealing private patient data,
● stealing clinical records,
● disrupting network traffic,
● disrupting ongoing healthcare processes,
● ransoming the IoMT device to gain profit.
According to the latest statistics, the effect of ransomware attacks on healthcare is worrying and undermanaged at the sametime. Among other reports, this is demonstrated by the Ponemon Institute's published research titled "Insecurity of Connected Devices in Healthcare 2022" which went in-depth on the effects of unsecured IoMT on hospitals and patients.
According to the research:
● At least one ransomware assault was encountered by 43% of the respondents.
● 88% of cyberattacks apply IoMT devices.
● The average expense of a databreach is much in excess of $1 million.
● Tragically, 24% of cyberattacks result in raised mortality rates.
ETSI EN 303 645 - Cybersecurity Standard for Consumer IoT Devices is the first internationally applicable Cybersecurity Standard for IoT, including Internet of Medical Things devices. It establishes a set of minimum requirements for all consumer IoT devices as well as serves as a foundation for future IoT cybersecurity certification schemes.
ETSI EN 303 645 does not prioritize protection against long-lasting and sophisticated cyberattacks that need continuous physical access to the device. Rather, the emphasis is on the technological controls and organizational policies that are most important intackling the most serious and pervasive security flaws. Overall, the Standard is intended to protect against simpler attacks on primary design vulnerabilities such as weak passwords.
While the advantages and positive effects of the Internet of Medical Things devices are undeniable, implementing the IoMT comes with its own set of challenges, the most prominent of which is its security and privacy.
This is where CCLab medical solutions come into the picture as a reliable partner and support. We are an agile cybersecurity lab with adecade of extensive experience in cybersecurity compliance assessment projects.
We provide a comprehensive solution for our customers, whether it is a cybersecurity compliance evaluation of their IoMT devices or an assessment against medical device cybersecurity regulations. Our professionals accompany the customers throughout the entire process: our consultants provide support to prepare, then the evaluators of our testing laboratory inspect the device according to the chosen standard or requirements.
We are equipped and qualified to help with
● MDR/IVDR regulation compliance projects;
● Common Criteria certificate consultations and assessments for IT products and systems;
● Evaluations according to the ETSI IoT cybersecurity standard;
● Standalone vulnerability assessments.
The Internet of Medical Things has fundamentally changed modern healthcare and patient treatment in recent years. IoMT ensures minimum human intervention throughout different healthcare processes and routine patient visits. Besides the convenience, IoMT also radically decreases the costs of patient care while boosting the efficiency of healthcare professionals.
On the other hand, the numerous advantages of the Internet of Medical Things, are overshadowed by the connected devices, networks, and applications that are unprotected or vulnerable to security- and privacy-related attacks. ETSI EN 303 645 is the first globally applicable cybersecurity standard that sets fundamental requirements for all consumer IoT devices (including IoMT) as well as acts as a framework for future IoT cybersecurity certification schemes.
Manufacturers and distributors of IoMT are responsible to ensure that their products that handle sensitive personal information, as well as their consumers who buy them, are safe from malicious cyber attacks. One of the most effective ways is by complying with current cybersecurity regulations and standards, for which CCLab offers a professional and comprehensive solution.
Get in touch with us to discuss the details!
Download our ETSI EN 303 635 infographics today and learn about the product certification process for this consumer IoT device cybersecurity standard.
Want to understand the MDR, IVDR regulation? Download our e-book on the latest requirements of medical cybersecurity
The second stage of the medical device cybersecurity testing framework is risk assessment. This downloadable infographics introduces the risk analysis process to you.
In an era where digital threats grow in complexity and frequency, cybersecurity is no longer a secondary consideration but an essential part of manufacturing operations. Compliance with security standards offers manufacturers a structured approach to managing the growing risks of digital threats and securely handling sensitive data. Compliance also helps companies meet industry regulations, protect intellectual property, and avoid potentially devastating financial losses.
8
min reading time
The rise of the Internet of Things (IoT) has revolutionized how we interact with technology. Consumer IoT devices are now deeply integrated into the fabric of modern life, from smart home appliances, wearable gadgets, and connected vehicles to health monitors and voice assistants. However, the increased connectivity provided by consumer IoT products also introduces a broader attack surface for cyber threats.
8
min reading time
In this insightful interview, Ferenc Molnár, founder and CEO of CCLab discusses the critical importance of wireless device cybersecurity in today's digital landscape. The interview provides valuable insights into the importance of collective efforts in safeguarding our digital world and also delves into the upcoming regulatory changes, specifically the Radio Equipment Directive (RED), introduced by the European Union (EU).
12
min reading time