The Internet of Things (IoT), which refers to any object or device that connects to the Internet to automatically send and/or receive data, may pose serious security risks for medical devices and wearables, according to an FBI public service announcement. In healthcare, medical devices such as wireless heart monitors or insulin dispensers, and wearables such as fitness devices, could provide opportunities for cyber criminals to intrude upon private networks and gain access to other devices and information attached to these networks.
Healthcare IoT Security Risks
The FBI states:
“Criminals can also gain access to unprotected devices used in home health care, such as those used to collect and transmit personal monitoring data or time-dispense medicines. Once criminals have breached such devices, they have access to any personal or medical information stored on the devices and can possibly change the coding controlling the dispensing of medicines or health data collection. These devices may be at risk if they are capable of long-range connectivity.”
FBI Recommendations
To combat IoT risks, the FBI has offered a list of recommendations:
– Patients should be informed about the capabilities of any medical devices prescribed for at-home use. If the device is capable of remote operation or transmission of data, it could be a target for a malicious actor;
– Use current best practices when connecting IoT devices to wireless networks, and when connecting remotely to an IoT device;
– Isolate IoT devices on their own protected networks;
– Disable UPnP on routers;
– When available, update IoT devices with security patches;
– Consumers should be aware of the capabilities of the devices and appliances installed in their homes and businesses. If a device comes with a default password or an open Wi-Fi connection, consumers should change the password and only allow it to operate on a home network with a secured Wi-Fi router;
– Ensure all default passwords are changed to strong passwords. Do not use the default password determined by the device manufacturer. Many default passwords can be easily located on the Internet. Do not use common words and simple phrases or passwords containing easily obtainable personal information, such as important dates or names of children or pets. If the device does not allow the capability to change the access password, ensure the device providing wireless Internet service has a strong password and uses strong encryption.