More than ever, healthcare organisations must make sure that patients, staff, data, equipment, and premises are all safe. Although ransomware demands and cyberattacks on the healthcare industry are in the news, physical security is still essential. IoT devices are advancing in this area to help safeguard clinics, hospitals, and the patients who use them.
To comply with local, state, and federal regulations, such as HIPAA and the Joint Commission on Accreditation of Healthcare Organizations, or JCAHO, medical institutions use linked Internet of Things devices for a variety of purposes. Hospitals and clinics are implementing devices and systems for access control, integrated surveillance, visitor management, patient wandering, and duress detection to address physical safety issues and reduce on-site risks.
Healthcare personnel require protection.
Like other industries, healthcare adopted security-focused equipment quickly, but is now dealing with a substantial administrative and maintenance workload. Having networked security cameras, access control systems, and sensors that operate in a hacker-proof manner, all of which call for automation, is a good place to start.
Instead of compromising physical security, most hackers who target healthcare facilities resort to ransomware attacks to profit financially. However, in one significant breach of privacy, hackers were able to access cameras at hospitals across numerous states and observe patients in intensive care units.
IoT devices are neglected when it comes to maintenance and cybersecurity because they don't provide hackers with immediate financial gains. This is a mistake, since physical security systems, once compromised, can serve as a launchpad for significant cyberattacks.
AI can assist in securing medical facilities.
Machine learning and AI are important for more recent physical security systems. Healthcare institutions can now install systems that identify people who enter through an unauthorised point or who fail to register correctly. This face-matching technology works without using any private information. Such methods make it impossible for thieves to steal a badge after admission.
For particular building areas, such as those for paediatrics and mental health, many facilities require internal access control. The detection of duress, the presence of guns, and patient wandering are additional AI-supported applications.
Security flaws in IoT medical equipment
A further issue facing hospitals is how to safeguard the connected devices that contribute to the security of the building and its occupants. There are undoubtedly gaps. Many healthcare facilities lack cybersecurity personnel. This disparity needs to be addressed because some hospitals have annual budgets that exceed the size of the entire metropolitan area where they are located.
The two major unforced errors that frequently leave devices vulnerable—failing to change passwords and using devices with hardcoded passwords—could both be caused by a lack of cybersecurity personnel.
Password rotation is used for access control and surveillance cameras in hospitals, warehouses, and shopping centres.
Controls are frequently disregarded or overlooked. The equipment owner or operator is accountable for that, but because manual tracking is so challenging, many facilities simply forget to rotate passwords. This means that many physical security devices have been using the same factory-set password for many years, and that password may never be changed.
Hardcoded passwords ought to disqualify a device automatically, but they have not. Even manufacturers often employ hardcoded passwords out of convenience or carelessness, which gives hackers a huge advantage. These passwords frequently cannot be changed without applying software patches.
How to improve physical security in the healthcare sector
While the fight to protect IoT-linked physical security is ongoing, healthcare institutions can take a number of actions right away to improve their security posture:
1. Ensure that all linked devices are continuously visible on hospital and clinic networks. In a sizable hospital, there could be hundreds or thousands of shadow devices.
2. Automate security hygiene for cameras and other security systems by implementing password rotation and facility-wide firmware updates right away. This prevents the vast majority of attacks on devices that maintain physical security as well as on IT infrastructure.
3. Segment networks of physical security devices to stop attacks from spreading across device fleets or affecting the entire IT infrastructure.
4. Some security professionals believe that it is past time for hardware-level protection to be built into devices. It's a new trend, and manufacturers are still learning how to use it.
5. Pay attention to the human element of cybersecurity. It's crucial to hire the right cybersecurity experts, but it's also crucial to train healthcare employees to spot attacks and act quickly to limit harm.
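The following Python example, added here and not part of the original article, audits a physical-security device inventory against steps 1 to 3 above: shadow devices, password rotation, firmware updates, and segmentation. The inventory records, MAC and IP addresses, the 90-day rotation limit, the firmware baselines, and the 10.20.0.0/24 security segment are all constructed assumptions.

```python
from datetime import date
from ipaddress import ip_address, ip_network

# Assumed policy values (constructed for this example, not from the article).
MAX_PASSWORD_AGE_DAYS = 90
SECURITY_SEGMENT = ip_network("10.20.0.0/24")
FIRMWARE_BASELINE = {"camera": (2, 4, 1), "door-controller": (5, 0, 3)}

# Constructed inventory records and network scan result.
INVENTORY = [
    {"mac": "00:11:22:00:00:01", "kind": "camera", "ip": "10.20.0.11",
     "firmware": "2.4.1", "password_changed": date(2024, 5, 1)},
    {"mac": "00:11:22:00:00:02", "kind": "camera", "ip": "10.20.0.12",
     "firmware": "2.1.0", "password_changed": None},  # None = factory password
    {"mac": "00:11:22:00:00:03", "kind": "door-controller", "ip": "10.1.5.40",
     "firmware": "5.0.3", "password_changed": date(2023, 11, 15)},
]
OBSERVED_MACS = {"00:11:22:00:00:01", "00:11:22:00:00:02",
                 "00:11:22:00:00:03", "00:11:22:00:00:99"}

def version_tuple(text):
    """Turn '2.4.1' into (2, 4, 1) so versions compare numerically."""
    return tuple(int(part) for part in text.split("."))

def audit(inventory, observed_macs, today):
    """Return {mac: [issues]} for devices that break the assumed policy."""
    findings = {}
    for dev in inventory:
        issues = []
        changed = dev["password_changed"]
        if changed is None:
            issues.append("factory-default password never changed")
        elif (today - changed).days > MAX_PASSWORD_AGE_DAYS:
            issues.append("password rotation overdue")
        if version_tuple(dev["firmware"]) < FIRMWARE_BASELINE[dev["kind"]]:
            issues.append("firmware below baseline")
        if ip_address(dev["ip"]) not in SECURITY_SEGMENT:
            issues.append("outside physical-security segment")
        if issues:
            findings[dev["mac"]] = issues
    # Step 1: anything seen on the wire but absent from inventory is a shadow device.
    known = {dev["mac"] for dev in inventory}
    for mac in sorted(observed_macs - known):
        findings[mac] = ["shadow device: on network but not in inventory"]
    return findings

if __name__ == "__main__":
    for mac, issues in audit(INVENTORY, OBSERVED_MACS, date(2024, 6, 1)).items():
        print(mac, "->", "; ".join(issues))
```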
Security cameras, as well as other sensors and controls used for physical security, are examples of IoT devices that are inherently vulnerable to malware and other threats. The healthcare sector, insurance firms, and the Cybersecurity and Infrastructure Security Agency all have a stake in working together to develop standards for safeguarding the equipment necessary to maintain physical security at healthcare facilities.
If they haven't already, healthcare facilities must automate and apply fundamental equipment security measures. Administrators could also consider cutting-edge security tools, such as hardware- and AI-based alternatives.
Hospitals and clinics must maintain a clear grasp of the day-to-day requirements of cybersecurity for those very systems as they innovate to increase physical security with new connected devices and capabilities. To scale up device management and security, they need in-house experts equipped with the appropriate technologies.