In April 2015, a major report released by MarketResearch.com on the ever-burgeoning Internet of Things (IoT) predicted that the highest segment for growth in the IoT would be healthcare, and that that market segment alone would be valued at an astounding $117 billion within five years. The healthcare IoT is bound to continue to revolutionize health care, specifically in providing increased monitoring and response time, but the convenience and efficiency of the IoT also brings with it increased concerns about data security, especially with regard to personal privacy.
How the IoT is Changing Health Care
Some of the biggest health dangers that Americans face include misdiagnosis, less-than-ideal health monitoring, and human error in providing treatment, e.g. through the provision of the wrong dosage of a drug. Healthcare IoT devices can provide vastly improved care for patients by allowing for constant monitoring of patient conditions and automating the response to those conditions through immediate communications with doctors and nurses, automatic drug injections, and so on. In short, a future beckons in which a patient’s emergency conditions are never ignored, and the proper treatment is always promptly administered. Furthermore, through such automation, costs can be cut and improved healthcare extended around the world.
Outside of medical offices, individuals can (literally) take the healthcare IoT into their hands, by using devices such as FitBits and more specialized devices relating to particular health conditions to monitor their own health and benefit from the type of prompt attention to illnesses and injuries that used to require a visit to the doctor to notice and address.
Privacy Concerns and the Healthcare IoT
With all of this increased monitoring and efficiency comes concerns about the privacy of the healthcare info being transmitted. As with any laptop, tablet, or smartphone that is connected to the Internet, IoT devices are susceptible to being spied on by cyber actors. What this means is that any healthcare information being transmitted can be stolen by hackers, and the device itself may be used to gain access to larger databases of information, including medical records of diagnosis and treatment, as well as other personal information including social security numbers, insurance information, and payment information.
Compounding these concerns is that, because IoT devices generally transmit information and operate without human direction (e.g. typing and sending an email), a hack into someone’s personal fitness device may go unnoticed for weeks or months by the user, and a cybercriminal can use the device to connect to other devices owned by the user such as a laptop, which may contain even more sensitive information.
Can the Healthcare IoT be Commandeered?
Perhaps even more dramatic than privacy concerns are those involving the immediate safety of the IoT user. Viewers of the television show Homeland may recall a particularly infamous scene in 2012 when a character’s pacemaker was hacked into by nefarious parties on the other side of the globe, causing the life-sustaining pacemaker to stop working. At the time, some viewers and critics howled at the scenario as being a fantastical and unrealistic creation of the writers, but could such a remote medical device hacking actually happen?
The frightening but true answer is yes, and researchers at the University of South Alabama carried out a successful simulated hacking of a pacemaker in 2015. And such threats are widespread. As one researcher put it, deadly denial of service attacks and hacks on medical device security controls can be executed by “a student with basic information technology and computer science background.”
The threat is not limited to pacemakers, of course, and any connected medical device critical to sustaining life or health can be susceptible to hacking, including insulin pumps and radiation machines. As in any market segment that deals with cybersecurity, healthcare IT professionals are putting forth their best efforts to develop security protocols to protect against such hacking, but cybercriminals are doing their best to work to overcome such safeguards.
Work with Trusted Data Security Attorneys
For more information on strategies for you and your business to avoid data security breaches associated with IoT devices and respond to breaches that may have already occurred, contact the data security attorneys at McCuneWright at 909.557.1250.