Why We Need to Start Incorporating Better Cybersecurity Measures for IoT Devices Used by Health Organizations

By Ludovic F. Rembert, Head of Research at Privacy Canada.

You’d be hard-pressed to find a sector that hasn’t seen vast technological improvements in recent years, and the healthcare industry is no exception. One reason for its rapid technological innovation has been its adoption of the IoT, or the Internet of Things.

The IoT has incredible potential in the healthcare sector. In fact, the IoT in healthcare is projected to be valued at $534.4 billion by 2025. Examples of uses for the IoT in healthcare applications include automating patient care workflow, tracking the location of medical equipment in real time, and enabling machine-to-machine communication.

But while healthcare organizations have been making huge steps towards newer technology, including the IoT, to help improve resource allocation and eliminate lost time, a major concern is the increased vulnerability to cybercriminals that comes with it. As hacking has been on the rise since the COVID-19 pandemic began, cybersecurity needs to be a top priority for health organizations.

Cybersecurity in the healthcare sector

Cybersecurity has become more important than ever in the digital age, and when dealing with medical records and patient data, it should be at the forefront of any health organization’s mind.

A major factor to consider with cybersecurity in the healthcare sector in particular is ensuring that you are compliant with HIPAA, the Health Insurance Portability and Accountability Act. This basically means that the data and personal information of your patients must be protected at all costs and given the same level of care as the patients’ own personal health.

This is why healthcare organizations are seriously upping their IT budget and hiring cybersecurity specialists. Hospital and healthcare organizations have also been utilizing HIPAA compliant hosting to prevent medical record data breaches in the cloud and to protect patients utilizing wearable IoT technology.

Keep in mind that web-based attacks account for almost 50% of cybersecurity threats, so the adoption of better security measures for the increased number of IoT devices in healthcare should not be overlooked. Ransomware attacks in the healthcare industry have also been on the rise for years. As the name suggests, the victim has to pay out to get their data back, and the healthcare industry has taken the lion’s share of these types of attacks.

Testing security measures is a prevalent way of ensuring your healthcare organization is secure from cybersecurity threats, and a number of tools can help spot vulnerabilities. For example, with the use of DevOps tools (or tools that combine IT operations with software development), HIPAA compliance can actually be automated, allowing your teams to have control over the systems efficiently and with much more ease.

The cost of poor cybersecurity

Due to the nature of cybersecurity threats, no industry is immune, and anyone connected to technology and the internet is inherently vulnerable. This is why it is critical that medical organizations understand the cost and repercussions of poor cybersecurity.

Data breaches cost the health industry almost $6 billion each year, and that figure is on the rise, so this is no small issue to address. As alluded to in previous sections, the growth of the IoT brings a wealth of benefits, but if these devices are ill-protected, those benefits are negated by the security issues.

For the medical industry, the cost of improper cybersecurity is much more than monetary. If organizations fail to protect their data, they are damaging their credibility, reputation, and patients’ privacy.

Protecting patient information

Medical errors are bound to happen from time to time. A good percentage of these are attributed to human error, and this is one of the reasons why the IoT has become so prevalent, due to its ability to help reduce these errors.

Information that helps prevent errors such as patient mixups or missed allergies, along with other important medical information, can be stored on IoT-connected wristbands, but when left unprotected, this information can fall into the wrong hands. Machines will simply make fewer errors or typos when recording data, making IoT medical technology a vital tool for collecting, storing and checking patient data.

Needless to say, protecting patients’ data and their privacy should be a top priority for any medical or health organization, but despite this, there’s been a rise in breaches, with the cost of a data breach in healthcare more than twice the mean across other industries.

Preventing hackers who use specialized techniques from accessing patient information requires specialized tools. It’s for this reason that all health organizations need to make it a rule, if they haven’t already, to encrypt all patient data that passes through a hospital network.

What’s more, data encryption is hardly an expensive investment and will not add much cost to a hospital’s IT budget. Several reliable virtual private networks (VPNs) are available at little to no cost and incorporate proven encryption measures such as L2TP and IKEv2.

Critical strategies to improve cybersecurity

The significant financial implications of cybersecurity can’t be overlooked. Whether it’s security professionals or health informatics staff, there are a lot of people ensuring medical organizations stay secure.

Here are a few practices suggested to improve health organizations’ cybersecurity:

  1. Creating a secure culture – provide cybersecurity education and training for healthcare professionals, make every member of the organization responsible for protecting patient data and devices, and foster a security-first culture
  2. Adopting safe device habits – employee onboarding should include training on best practices for computer and device use and on security software
  3. Protecting mobile devices – mobile devices have become commonplace in healthcare settings, but with these come new threats. Encryption, password protection, and other security measures are vital to ensure information remains secure
  4. Utilizing a firewall – any device connected to the internet is recommended to have a firewall
  5. Backup and storage – plan for the unexpected, back up information regularly, and store this backed-up data separately from the main system
  6. Rotate strong passwords – having to change passwords may feel tedious, but using strong passwords that require changing every few months will keep systems significantly more secure
  7. Limit access to protected data – only give access to people who need it; this limits the potential for internal leaks too
  8. Install anti-virus software – installing and keeping software updated is critical to ensuring health care systems are protected
  9. Control network access – no new software, applications, or programs should be installed by staff without proper authorization
  10. Manage physical access – computers and devices with sensitive data should be locked in secure areas to limit physical device theft

Prior to the IoT, doctors’ interactions with their patients were mainly physical and text-based communications, with doctors having no real way to monitor their patients’ health on an ongoing basis.

IoT devices in healthcare signal the movement of the industry towards more efficient and effective services by health organizations, providing the potential of keeping patients healthier and allowing medical professionals to give premier care. Additional bonuses in the form of higher patient satisfaction and engagement have come from the use of IoT devices too, due to interactions being simpler and vastly more efficient.


Understanding the risks and rewards of utilizing IoT devices in the healthcare industry is important for health organizations moving forward. The increased adoption of the Internet of Things is definitely where the industry has been heading, and with the proper security, the benefits of IoT devices for healthcare can be reaped.
