Technology industry research and advisory firm Gartner estimates that there will be 20.4 billion connected Internet of Things (IoT) devices by 2020. Given the growth potential in this marketplace, these products are often rushed to market, and their built-in security is often deficient relative to legacy systems. So, while these devices bring many conveniences to consumers and allow commercial users to realize efficiencies and innovate, it is important to remember that the increase in the use of these devices also increases the number of points of vulnerability (what cyber security experts call the attack surface) for households and corporations.
While this should be a consideration for all users of IoT devices, it should be of particular concern for health care entities, where security shortcomings can directly affect devices, such as infusion pumps, that are necessary in administering critical care to patients. This article at securityweek.com provides some great risk mitigation tips from the National Institute of Standards and Technology for health care organizations to consider when implementing IoT devices for patient care.
In addition to the risk management protocols outlined in the article, it is imperative that health care organizations look carefully at how their Cyber Liability insurance policy would respond to incidents involving IoT devices. What if all IoT devices are taken offline by a dedicated denial-of-service attack or ransomware incident? What if patients’ lives depended on those devices?
As the cyberattack surface evolves, the questions multiply and the implications of their answers become more nuanced. Connect with Risk Strategies Cyber Risk experts to learn more about navigating this evolving liability terrain and to be sure your policy covers IoT devices and the Business Interruption risks that all health care organizations face today.
The contents of this article are for general informational purposes only and Risk Strategies Company makes no representation or warranty of any kind, express or implied, regarding the accuracy or completeness of any information contained herein. Any recommendations contained herein are intended to provide insight based on currently available information for consideration and should be vetted against applicable legal and business needs before application to a specific client.