- More healthcare organizations are implementing connected medical devices and are moving storage and backup options to the cloud. However, healthcare technology leaders are greatly concerned over IoT security with connected devices, according to recent research from ISACA.
Seventy-one percent of surveyed business technology professionals in healthcare said there is some resistance to IoT. This is likely because that is a sector that suffered from a data breach with IoT devices, researchers explained.
Nearly three-quarters (74 percent) of all respondents said they are moderately to extremely concerned about their organization’s ability in IoT device security. Sixty-six percent of those surveyed said IoT was a “high risk” technology, with 96 percent considering it “medium to high risk.”
“Emerging technologies have to be embraced,” ISACA CEO Matt Loeb said in a statement. “As the research shows, the reluctance to deploy them is linked to the need to understand and mitigate the risks of doing so. Organizations that implement a strong information and technology governance program will better understand their capabilities, which leads to more effective risk management and increased confidence in deployment of these technologies.”
The survey also found that 47 percent of business technology professionals do not consider their organization’s leader to be digitally literate. Furthermore, less than one-quarter stated that their senior leadership was very receptive to adopting emerging technologies.
Just under half of respondents (49 percent) said they faced organizational challenges or resistance when deploying artificial intelligence (AI)/machine learning. Forty-eight percent reported challenges or resistance with public cloud deployment, while 46 percent of respondents said IoT deployment had implementation difficulties.
Approximately one-third (34 percent) said that blockchain deployment led to some kind of resistance.
“The resounding message from our research is clear: senior leadership needs to invest in increasing its digital fluency,” Loeb said. “Organizations with digitally fluent leadership are more clearly recognizing the benefits and risks of emerging technologies.”
Healthcare IoT has the capability to help providers improve patient care and ensure that critical health services have access to the latest technology. Covered entities and their business associates must ensure they are considering security measures as they consider implementing new connected devices.
Even if leadership is hesitant, research shows that the IoT market is not decreasing in popularity anytime soon for the industry. The global healthcare IoT security market is expected to reach $15.82 billion growing at a CAGR of 22 percent from 2016 to 2022, according to a Market Research Future report from June 2017.
“[IoT] can also be remotely controlled and is highly automated across existing network infrastructure, resulting in improved efficiency, accuracy and economic benefit in addition to reduced human intervention,” researchers stated.
Cross transferability of the IoT security to a variety of sectors and savings due to increasing automation were just two healthcare IoT security growth factors the research team cited. It was also acknowledged in the report that shorter lifecycles and greater sink costs associated with the technology can hinder continued growth.
Other research has also noted though that healthcare leadership is hesitant over IoT devices. A Deloitte poll conducted earlier in 2017 showed that 30 percent of surveyed professionals said identifying and mitigating potential risks in legacy and connected devices was the greatest cybersecurity challenge.
Approximately 20 percent of respondents said embedding vulnerability management into the medical device design phase was an IoT medical device challenge, while 19.5 percent said monitoring and responding to cybersecurity incidents was a key issue.
“Legacy devices can have outdated operating systems and may be on hospital networks without proper security controls,” said Russell Jones, Deloitte Risk and Financial Advisory partner, Deloitte & Touche LLP. “Connected device cybersecurity can start in the early stages of new device development, and should extend throughout the product’s entire lifecycle; but even this can lead to a more challenging procurement process. There is no magic bullet solution.”