IoT Health Devices: Exploring Security Risks in the Connected Landscape
[ad_1]
The Internet of Things (IoT) has been steadily rolled out to numerous devices worldwide since the mid–late 2000s, starting largely with benign consumer items and increasingly into more sensitive areas, including healthcare, transportation, and more sensitive services [1]. With the inclusion of the IoT into healthcare, significant gains were realized in that patients experienced ease in reporting their health status [2,3]. In some cases, those confined gained autonomy [2,3]. This applies to institutions adopting the IoT, gradual, sparing legislation adopted in the past 20 years to fast-track and improve the digitalization and reporting of medical information. It has not been just healthcare facilities that have boomed with IoT adoption. Modern labs, warehouses, schools, transport equipment, and agricultural plots use IoT devices in the 21st century [4], and these remain critical in consideration of healthcare impacts as their inputs and interactions impact operations. However, consumers and institutions alike have raised significant concerns about the continued digitalization of healthcare. The issues causing these concerns have occurred, from simple oversights in design to complex implementations of IoT health devices (IoTHDs). These have been accompanied by the discovery of numerous security vulnerabilities and high volumes of attacks that have been carried out [5,6,7,8,9,10,11,12,13,14]. Vulnerabilities in IoTHD design and implementation pose immediate data-based threats. These threats include mass data leaks, improper forwarding of data, and sometimes even indirectly disrupting the operation of other connected devices through a lack of communication or coordination [15,16,17]. We found vulnerabilities in production-scale and patched devices that have stored data in unencrypted, non-proprietary, and easy-to-access formats. However, it is worth noting that proprietary formats can frustrate open-source efforts and are usually financially motivated but more secure. Alternatively, some vulnerabilities leak access to other connected devices, which is problematic for any roll-out [17]. Relating to attacks, an increasing amount of health and manufacturing infrastructure has been open [17,18] and subject to attacks, such as Advanced Persistent Threats (APTs), ransomware, trojans, worms, and loggers [19]. These persistent problems within the IoTHD supply chain and health chain of actions pose numerous threats to patient health, caregiver service, and national security. Strielkina et al. [15] noted the significant problems networked devices posed, including random failures, privacy compromise, and deliberate operations disruptions.
This paper examines the architecture components of IoTHD systems dissected in terms of devices, connected software technologies, the backbone infrastructure, and the individuals involved—IoTHD stakeholders. The discussion of the devices targets medical imaging, medical sensors (used to derive data from being taken advantage of and facilitate processes in modern healthcare), external and implanted devices, and virtual home assistants. The software discussion is split between legacy systems and AI-based software technologies that enable functions within these IoTHDs. The infrastructure discussion covers the communication and application backbone relevant to achieving medical services. Lastly, using IoTHDs requires a discussion of the relevant people and communities. These refer to nation-state actors, healthcare facility personnel, and independent and unorthodox communities. With knowledge of the landscape, we explore the vulnerabilities in healthcare infrastructure as a subset of the international bioeconomy through the lens of IoTHDs. We discuss the components of IoTHDs, vulnerabilities and threats leading to security risks, and control suggestions to address the security risks in IoTHDs. We propose and apply a multi-layer approach to IoTHD security risk management as a beneficial method to facilitate end-to-end security in IoTHDs.
Lastly, we discuss the purpose of modern and emerging IoTHDs. Understanding this allows for an enhanced understanding of emerging and future vulnerabilities and threats, i.e., theoretical threat classification due to emerging IoTHD issues (in terms of novel attack/defense topologies, emerging social dynamics around devices, neuro-link adjacent devices, brain–computer interfaces, and wearable and minimally invasive device vulnerabilities) and practical examples with a case report in the literature. Following this, we discuss future IoTHD controls/countermeasures considerations in terms of device and culture design, practices and training, and innovations to introduce as relating to 4th industrial revolution (4IR) technologies (relating to AI, blockchain, and others that assist toward automation), applications of state defense in the vein of defend forward, and business opportunities that can be capitalized upon by enterprising minds. Overall, this condensed survey and exploration paper will be a valuable tool for anyone concerned with the security of IoTHDs and their potential impact on healthcare and other sectors. We believe that our paper can contribute to navigating the complexities and potential risks of IoTHDs and those that emerge from them.
[ad_2]
