A new study by the European Union Agency for Network and Information Security (ENISA) investigates threats and vulnerabilities in hospitals using the Internet of Things (IoT). The risk-based approach analyses attack scenarios and maps common good practices.
Smart solutions help hospitals improve patient care, including remote care, but not enough attention is paid to security and safety issues, as cost estimates for data breaches in hospital cyber incidents show.
Common attacks are ransomware cases and DDoS attacks, but these are just a taste of what is to come: the introduction of IoT in the hospital ecosystem makes it even more vulnerable to cyber-attacks.
Key ENISA recommendations are:
- Healthcare organisations should provide specific IT security requirements for IoT components and implement only state-of-the-art security measures.
- Smart hospitals should identify the assets and how these will be interconnected (or connected to the Internet) and, based on this identification, adopt specific practices.
- Device manufacturers should incorporate security into existing quality assurance systems and involve healthcare organisations from the very beginning when designing systems and services.
The importance of cyber security in critical infrastructures like healthcare is set to increase with the implementation of the Network and Information Security Directive (NISD). Member states now have 21 months to implement the directive. One of the roles of ENISA in 2017 will be to provide baseline security measures and also investigate cyber security issues in medical devices.
Source: www.enisa.eu