Healthcare wearables are exploding in popularity, but their use goes beyond the fun apps that allow you to track how many steps you’ve taken each day.
Today, heart rate, blood sugar, oxygen levels, blood pressure, and other parameters are monitored by wearable devices. For MSPs in the healthcare space, wearables present both opportunity and peril. Before we get into those, let’s look at some statistics.
According to eMedCert:
- 56 percent of Americans own some type of wearable health technology.
- 88 percent of physicians want patients to monitor their health parameters at home.
- 35 percent of employers use medical wearable technology to facilitate wellness programs and lower health insurance costs.
Of course, these wearables come with potential security vulnerabilities. Many manufacturers have made cybersecurity a back-burner issue. Some cybersecurity experts fear it’s only a matter of time before a headline-grabbing attack on a medical device occurs.
GlobalSign reports that some of the most targeted medical devices by hackers include drug infusion pumps, pacemakers, and MRI devices. They also say these mobile medical devices can give hackers an easy entry point into a medical system:
“They are like an open wound that invites cybercriminals to attack the hospital systems. Although these devices rarely store personal data, hackers can use them to attack hospital systems. They can access the wider hospital network and mine data or hold it at ransom.”
Medical devices are a “legal and monetary minefield”
These vulnerabilities surrounding wearables point to a real conundrum for MSPs, says Kyle Allen, an independent cybersecurity specialist in Lansing, Michigan.
“Wearable devices are exploding in popularity, so they represent a tremendous opportunity for MSPs, but they also represent a legal and monetary minefield if something goes wrong,” Allen warns.
He goes on to say that any MSP seriously considering making security for wearables a part of their portfolio must first do an extensive audit and inventory of a client’s medical device. “And then they must apply any security updates and patches,” he advises.
Allen adds that educating and training staff is also a crucial part of the equation. “Wearable medical devices are not the same as an X-ray machine that stays in the hospital. There are more attack surfaces and vulnerabilities.”
Ryan Smith, an AI and cybersecurity expert and founder of QFunction, also warns of the risks of wearables.
Handling user healthcare data presents a significant risk
Smith tells SmarterMSP.com that the most significant risk of providing security for healthcare wearables is that they collect healthcare information from the users. This makes the developers of the healthcare wearables subject to following HIPAA guidelines for storing and utilizing the healthcare data collected. This also means that MSPs need to be on their HIPAA game.
“If an MSP decides to provide security for the devices, they will need some familiarity with HIPAA guidelines to see where the healthcare wearable company’s responsibilities end and theirs begins,” Smith notes.
MSPs also need to know how users interact with their healthcare devices, such as whether they use their work systems to access or store their healthcare data. “Most MSPs manage employee devices, so another issue would be how to wipe them if they were ever lost or stolen remotely. In short, merging personal data with work systems will prove quite the challenge for MSPs,” Smith says.
However, if MSPs are going to take a more significant role in managing health wearables, there are security measures that can and should be taken, according to Smith.
“While responsibility for handling healthcare data falls more on the company developing the healthcare wearable, MSPs need to provide strict rules and regulations for users who decide to utilize the MSP’s healthcare wearable offerings.”
Smith says that the rules and regulations should ensure that users follow best security practices for these devices. These include enabling multifactor authentication for users accessing their own healthcare data, blocking access to the healthcare wearable devices data from work devices, and possibly figuring out a way to remotely wipe them if need be.
The world of wearables will only continue to grow, and MSPs can grow along with them. Throughout this process, MSPs can also seize a major opportunity, but only if they do their due diligence.
Photo: Monkey Business Images / Shutterstock
This post originally appeared on Smarter MSP.