Future of healthcare must be built on security

Issue 7 2021 Healthcare (Industry)

South Africa is poised to start benefiting from a plethora of healthcare technologies which could dramatically improve patient care at a lower cost, boost preventative healthcare and take the best medical practitioners virtually to the most underserved regions of the country. However, exciting new developments in healthcare technology could also put patients at risk in both the cyber and real world.

Doros Hadjizenonos.

This is according to Fortinet South Africa security experts, Doros Hadjizenonos and Matthew Taljaard, who warn that the promise of emerging healthcare technologies could be derailed by security risks.

Hadjizenonos, regional sales director SADC at Fortinet, says Internet of Things (IoT) and Internet of Medical Things (IoMT) devices are increasingly being adopted for greater efficiency and improved patient care in the healthcare sector. These tiny, connected devices are being deployed to monitor patient vital signs and treatment, track pharmaceuticals and control medical equipment throughout hospitals. “We are seeing adoption and interest from private hospital chains locally, who are considering IoT for efficiencies, for managing patients and analysing data,” he says. “There is potential to deploy IoT for patient monitoring both at home and in hospitals, for example, connected beds with oxygen meters and heart rate monitors feeding information back to nurses’ stations. IoT can also be used to automate devices administering treatment, such as ventilators.

IDC’s Worldwide Internet of Things Spending Guide forecast of May 2021 says worldwide spend on IoT is anticipated to pass US$ 1 trillion by 2024, with South Africa among the fastest-growing IoT markets in the MEA region, growing at an expected CAGR of 14% from 2020 to 2025. The global IoMT market was valued at US$ 44,5 million back in 2018 and is expected to grow to US$ 254,2 million in 2026, according to AllTheResearch.

More accessible healthcare

Smart technologies such as smart watches and other wearables, as well as video conferencing and telemedicine also become part of this broader ecosystem, bringing with them the opportunity to make healthcare more accessible, affordable and proactive.

However, Matthew Taljaard, subject matter expert for OT (operational technology) at Fortinet, notes that as smart technologies start controlling surgeries and patient treatment, the risks associated with advanced healthcare could grow. “Data privacy and cybersecurity are already a key concern in healthcare, as healthcare records are a prime target for cyber criminals. Fortinet finds that medical records are worth 10 times more than credit card numbers on the black market. On top of that, as we have seen in the industrial sector, as IT and OT converge, cyber risk can threaten health and safety in the physical domain. This could put patient lives at risk should cyber attackers access physical patient monitoring and treatment systems.

“Much in the same way we enabled work from home by securing that environment, by properly securing the healthcare environment we can create a safe platform that gives health professionals and patients the confidence to start benefiting from all the advanced medical technologies coming to market,” he says.

Hadjizenonos says: “Healthcare organisations have to start preparing for the future of healthcare by building security into the design of the entire environment. Because it is difficult to build security into small IoT or IoMT devices; technology needs to be deployed to detect and monitor all the devices and secure the traffic following between them. If a device was to be compromised it would be from the network point of view.”

Visibility, segmentation and seamless protection

IoT devices are vulnerable to hijacking and weaponisation for use in distributed denial of service (DDoS) attacks, as well as targeted code injection, man-in-the-middle attacks and spoofing. Fortinet warns that malware is also more easily hidden in the large volumes of data IoT devices produce, while some IoT devices can be remotely controlled or have their functionality disabled – which could be used in a ransomware attack.

Fortinet says robust IoT security requires integrated solutions capable of providing visibility, segmentation and seamless protection across the entire network infrastructure. Healthcare organisations should be capable of authenticating and classifying IoT devices, as well as segmenting IoT devices based on their risk profiles. They should also have the ability to monitor, inspect and enforce policy based on activity at different points within the infrastructure and take automatic and immediate action if any network devices become compromised.

To ensure compliance and data protection, organisations should take a zero-trust approach with role-based access control and a unified security fabric aggregating the security architecture across physical and cyber domains.

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Paxton’s Net2 secures medicinal cannabis facility
Paxton Access Control & Identity Management Healthcare (Industry) Videos
Paxton’s Net2 access control has been installed at Highlands Grow, a fully licensed industrial-scale cultivator, producing cannabis for medicinal and recreational use.

Lock down your access control with Alcatraz AI
C3 Shared Services Healthcare (Industry) Access Control & Identity Management AI & Data Analytics
Alcatraz AI, represented in South Africa by C3 Shared Services, changes access control by harnessing the power of artificial intelligence and analytics at the edge, where facial recognition becomes the essential credential autonomously.

First telemedicine platform for South Africa
Guardian Eye Healthcare (Industry) AI & Data Analytics
South African employees often struggle to receive timely, affordable, and accessible healthcare. The challenge for many healthcare initiatives within organisations is the melting pot of cultures.

Healthcare and the edge
Technews Publishing Healthcare (Industry)
With the proliferation of IoT devices in healthcare, more data is generated which drives the need to distribute it efficiently and keep it closer to the user.

The cybersecurity consolidation conundrum
Editor's Choice Information Security Healthcare (Industry)
Check Point discusses why less is sometimes more when it comes to securing your organisation from the innumerable cyberattacks happening every day.

Cyber risks to healthcare
Healthcare (Industry)
60% of healthcare organisations in South Africa have confirmed that all medical equipment they use runs up-to-date software. Usage of legacy operating systems (OS) expose healthcare organisations to additional vulnerabilities and cyber risks.

Home care and assisted living
Salto Systems Africa Healthcare (Industry)
SALTO prevents unauthorised access, while saving residents – who may have mobility issues – from having to open their door since physical keys are replaced with contactless smart fobs, PIN codes or smartphone access.

Touchless healthcare
ZKTeco Healthcare (Industry)
With confidential data and potentially dangerous drugs and medical equipment, it can be more of a challenge for the healthcare sector to keep their premises safe than in other industries.

Data compliance for healthcare
Healthcare (Industry)
All healthcare facilities including hospitals and clinics are required to manage the complete destruction of all data when IT assets reach end-of-life using compliant data erasure techniques essential to protect company data.

Improving patient care
Axis Communications SA Surveillance Healthcare (Industry)
Nemours Children’s Health System has installed Axis network video cameras in every patient room to improve patient care to avoid nuisance alarms.