In this article, we would first define IoT and then discuss its impact on the healthcare industry. The article will also talk about what IoT ransomware is, how it affects the healthcare sector, and the measures taken to protect against IoT ransomware.
IoT (Internet of Things) is the collection of computing devices, where all the inter-connected devices are connected via the internet and can receive and send data. In generic terms, we can explain IoT as a network of some physical objects that are embedded with software or sensors, that can make these objects smart. The scope of IoT begins with some mere household objects to extremely sophisticated industrial tools.
It's fascinating to know how these interconnected devices have turned out to be one of the most promising technologies of this century and how it makes our lives more comfortable. The credit for the possibility of IoT technology goes to the internet. For instance, if your smartphone has an internet connection, you can access anything around the world, can’t you? Similarly, if any of your devices connected to the internet, it becomes a smart device.
Before the advent of IoT, the communication between doctor and patient was established either through direct consultation or text messages. A few years back, it was unthinkable for a doctor to monitor a patient remotely. However, now, we have IoT devices that let doctors examine their patients with more care and excellence without their physical presence. The impact of IoT in the healthcare sector is enormous.
With the origin of IoT and its major bang in improving treatment outcomes, it is evident that the healthcare industry is redefined. When the pandemic hit us, the doctors had to go through stressful conditions. Ensuring quality healthcare to ever-increasing infected patients was not a cakewalk. Thankfully, smartphone apps and IoT technology have brought in a positive transform here. With IoT technology in the healthcare sector, doctors can collect real-time data from patients through specific IoT devices. This, in turn, enables them to diagnose the disease and provide necessary treatment to remote patients. IoT has many other applications in the healthcare domain. Let’s take a brief look into it.
Ransomware is the breed of malware that can encrypt the files in your system, which can be accessed only after you get a private key for which you may have to pay a ransom. IoT Ransomware is a similar concept, but it has been underrated for several reasons.
Primarily, ransomware attacking a computer is considered to be dangerous because of its irreversible nature. All your files, either personal or professional, are encrypted, and the only way to get them back is through the decryption key, which you may have to purchase from the culprit. Whereas in the case of IoT, things are a bit different. Mostly, we use the cloud to store the data generated by IoT devices. And so, the data available on the device is either little or nothing. This is one of the reason that explains why IoT Ransomware is not considered a threat by many.
Secondarily, the exploitation of a PC is much easier. The strategies required to hack a PC might be similar and popular. Whereas, the IoT devices will have to be targeted differently making it a big challenge for the hackers. Besides, letting the users know that their IoT device has been hacked needs an additional step like getting their personal information to contact them, which is another challenge.
According to Neil Cawse, CEO at Geotab, a manufacturer of IoT and telematics for vehicles, IoT Ransomware allows hackers to mess around with real-world objects and it is way beyond a single PC or laptop. He also added that shutting down a vehicle or turning off the power at a troublesome time can cause more damage. This indicates the threat in IoT Ransomware is not irreversible in nature, it is more into the impossibility of resetting the device at the time it is needed to handle a situation.
IoT ransomware affecting hospitals is too risky because, seemingly, the victim can be a human being, and the loss will be a human life. In case of hospitals, the risk is life-threatening, and this is exactly what makes hospitals a lucrative target for IoT ransomware attacks. As we won’t know the victim or when and where it will happen unless it occurs, all we can do is take proactive security to prevent IoT ransomware attacks in healthcare organizations. It is highly critical as the inadequate defenses to avoid such situations can affect a life or maybe more.
Here is a list of few problems that make it difficult for hospitals to provide and ensure the appropriate security measures are not facile as we expect.
Ensuring security to all the interconnected devices of the IoT network in a hospital is not easily attainable. A hospital can have a large number of devices and explicitly all working on different Operating Systems (OS). Providing a security shield for these devices as a whole is possible only if the security is tailor-made for that particular IoT network.
In a hospital, there are chances that several devices have been under use for many years. It is crystal clear that some devices here may not be working with updated OS, indicating that patching up is no longer a possible solution.
Suppose a hospital gets attacked and the situation is resolved still, there is a big dilemma in getting things back to how they were. Only with an adequate backup plan can we handle this, or else, the time taken to get things right after an attack can be weeks or even months.
Before taking things into your hands, let me make it clear that some solutions can trigger other issues in the network. Healthcare organizations can still implement some actions to ease the impact of IoT ransomware at hospitals. Some of those are listed below
Make regular security checkups and identify the gaps, get them fixed at the earliest. In the meanwhile, backup all the critical systems and data. Make sure they are offloaded to an environment that is completely isolated from physical connections. Also, make sure that those backups can be restored by someone, and practice doing this, to make yourself prepared to face such a crisis.
Install an anti-malware and keep it updated regularly. Double-check whether it is configured correctly and make it a practice to do regular scans of your environment and handle the revealed vulnerabilities.
Make it a practice to provide staff training to keep every employee aware of the threats and the severe outcomes of it. A good approach can make them familiar with such threats. If they face any such threat, they will know what to do and how to deal with them.
Hospitals and health care organizations should follow the guidelines and security practices listed out by CISA, FBI, etc. It is also recommended to evaluate the cybersecurity postures to identify and fill in any gaps discovered.
Today, the popularity of IoT has reached a situation where an average hospital room contains 15 to 20 connected medical devices. At the same time, each of these devices has a dedicated and significant role in the delivery of care and operational efficiency. However, through each connected device, we can open the door to a malicious cyberattack. It is important to make sure that the networks run while keeping everything safe and secure. This can be accomplished with enforceable security policies that focus on vulnerabilities, conﬁguration assessments, malware defences, etc. To deal with IoT Ransomware in healthcare, the straightforward way is to focus on basic cyber hygiene.