WHILE South Africa is poised to benefit from a plethora of healthcare technologies which could significantly improve patient care at a lower cost, boost preventative healthcare, and take the best medical practitioners virtually to the most underserved regions, these developments could also put patients at risk in both the cyber and real world.
Fortinet Regional Sales Director SADC Doros Hadjizenonos, said the Internet of Things (IoT) and Internet of Medical Things (IoMT) devices were increasingly being adopted for greater efficiency and improved patient care in the healthcare sector.
“These tiny, connected devices are being deployed to monitor patient’s vital signs and treatment, track pharmaceuticals and control medical equipment throughout hospitals. We are seeing adoption and interest from private hospital chains locally, who are considering IoT for efficiencies, for managing patients and analysing data,” said Hadjizenonos.
There was potential to deploy IoT for patient monitoring both at home and in hospitals, for example connected beds with oxygen meters and heart rate monitors could feed information back to nurses’ stations. IoT could also be used to automate devices administering treatment, like ventilators.
According to the IDC’s Worldwide Internet of Things Spending Guide forecast of May 202, worldwide spend on IoT was anticipated to pass US$1 trillion by 2024, with South Africa among the fastest-growing IoT markets in the MEA region, growing at an expected to grow at a CAGR of 14 percent from 2020 to 2025. The global IoMT market was valued at $44.5 million back in 2018, and is expected to grow to $254.2 million in 2026, according to AllTheResearch.
Smart technologies such as smart watches and other wearables, as well as video conferencing and tele-medicine have also become part of this broader ecosystem, bringing with them the opportunity to make healthcare more accessible, affordable and proactive.
However, Fortinet Subject Matter Expert for OT (Operational Technology) Matthew Taljaard warned of the risks associated with advanced technological healthcare.
“Data privacy and cyber security are already a key concern in healthcare, as healthcare records are a prime target for cyber criminals. Fortinet finds that medical records are worth ten times more than credit card numbers on the black market. On top of that, as we have seen in the industrial sector, as IT and OT converge, cyber risk can threaten health and safety in the physical domain. This could put patient lives at risk should cyber attackers access physical patient monitoring and treatment systems,” said Taljaard.
However, developing a safe platform could secure the healthcare environment to give professionals and patients the confidence to start benefiting from the advanced medical technologies coming to market.
Fortinet said healthcare organisations had to start preparing for the future by building security into the design of the entire environment.
“Because it is difficult to build security into small IoT or IoMT device; technology needs to be deployed to detect and monitor all the devices and secure the traffic following between them. If a device was to be compromised it would be from the network point of view.
“IoT devices could be vulnerable to hijacking and weaponization for use in distributed denial of service (DDoS) attacks, as well as targeted code injection, man-in-the-middle attacks, and spoofing.”
Fortinet warned that malware was also more easily hidden in the large volumes of data IoT devices produced, while some IoT devices could be remotely controlled or have their functionality disabled which could be used in a ransomware attack.
Hadjizenonos said robust IoT security required integrated solutions capable of providing visibility, segmentation, and seamless protection across the entire network infrastructure. Healthcare organisations should also be capable of authenticating and classifying IoT devices, as well as segmenting IoT devices based on their risk profiles.
According to Fortinet, “they (healthcare organisations) should also have the ability to monitor, inspect and enforce policy based on activity at different points within the infrastructure, and take automatic and immediate action if any network devices became compromised.”
The company said organisations should adopt a zero-trust approach with role-based access control, and a unified security fabric aggregating the security architecture across physical and cyber domains.
BUSINESS REPORT ONLINE