Blog

The internet of (insecure) things - a looming risk in health care? | Risk Strategies

Written by Robert Rosenzweig | Sep 6, 2018 4:00:00 AM

Technology industry research and advisory firm Gartner estimates that there will be 20.4 billion connected Internet of Things devices (IoT) by 2020.  Given the growth potential in this marketplace, these products are often rushed to market and the built in security is often deficient relative to legacy systems. So, while these devices bring many conveniences to consumers and allow commercial users to realize efficiencies and innovate, it is important to remember that the increase in the the use of these devices also increases the number of points of vulnerability – what cyber security experts call the attack surface - for households and corporations.   

While this should be a consideration for all users of IoT devices, this should be of particular concern for Health Care entities where security shortcomings can directly affect devices that are necessary in administering critical care to patients such as infusion pumps. This article at securityweek.com provides some great risk mitigation tips from the National Institute of Standards and Technology for Health care organizations to consider when implementing IoT devices for patient care.

In addition to the risk management protocols outlined in the article, it is imperative that health care organizations look carefully at how their Cyber Liability insurance policy would respond to incidents involving IoT devices.  What if all IoT devices are taken offline by a dedicated denial of service attack or ransomware incident?  What if patients’ lives depended on those devices?

As the cyberattack surface evolves, the questions multiply and the implications of their answers become more nuanced. Connect with Risk Strategies Cyber Risk experts to learn more about navigating this evolving liability terrain and to be sure your policy covers IoT devices and the Business Interruption risks that all Health care organizations face today.