South Africa is poised to start benefiting from a plethora of healthcare technologies which could dramatically improve patient care at a lower cost, boost preventative healthcare, and take the best medical practitioners virtually to the most underserved regions of the country.

However, exciting new developments in healthcare technology could also put patients at risk in both the cyber and real world.

This is according to Fortinet South Africa security experts Doros Hadjizenonos and Matthew Taljaard, who warn that the promise of emerging healthcare technologies could be derailed by security risks.

Hadjizenonos, regional sales director SADC at Fortinet, says Internet of Things (IoT) and Internet of Medical Things (IoMT) devices are increasingly being adopted for greater efficiency and improved patient care in the healthcare sector. These tiny, connected devices are being deployed to monitor patient vital signs and treatment, track pharmaceuticals and control medical equipment throughout hospitals.

“We are seeing adoption and interest from private hospital chains locally, who are considering IoT for efficiencies, for managing patients and analysing data,” he says. “There is potential to deploy IoT for patient monitoring both at home and in hospitals, for example connected beds with oxygen meters and heart rate monitors feeding information back to nurses’ stations. IoT can also be used to automate devices administering treatment, such like ventilators.

IDC’s Worldwide Internet of Things Spending Guide forecast of May 2021 says worldwide spend on IoT is anticipated to pass US$1 trillion by 2024, with South Africa among the fastest-growing IoT markets in the MEA region, growing at an expected to grow at a CAGR of 14% from 2020 to 2025. The global IoMT market was valued at $44.5 million back in 2018, and is expected to grow to $254.2 million in 2026, according to AllTheResearch.

Smart technologies such as smart watches and other wearables, as well as video conferencing and telemedicine also become part of this broader ecosystem, bringing with them the opportunity to make healthcare more accessible, affordable and proactive.

However, Taljaard, subject matter expert for OT (operational technology) at Fortinet, notes that as smart technologies start controlling surgeries and patient treatment, the risks associated with advanced healthcare could grow. “Data privacy and cyber security are already a key concern in healthcare, as healthcare records are a prime target for cyber criminals.

“Fortinet finds that medical records are worth ten times more than credit card numbers on the black market. On top of that, as we have seen in the industrial sector, as IT and OT converge, cyber risk can threaten health and safety in the physical domain. This could put patient lives at risk should cyber attackers access physical patient monitoring and treatment systems.”

“Much in the same way we enabled work from home by securing that environment, by properly securing the healthcare environment we can create a safe platform that gives health professionals and patients the confidence to start benefiting from all the advanced medical technologies coming to market,” he says.

Hadjizenonos says: “Healthcare organisations have to start preparing for the future of healthcare by building security into the design of the entire environment. Because it is difficult to build security into small IoT or IoMT device; technology needs to be deployed to detect and monitor all the devices and secure the traffic following between them. If a device was to be compromised it would be from the network point of view.”

IoT devices are vulnerable to hijacking and weaponization for use in distributed denial of service (DDoS) attacks, as well as targeted code injection, man-in-the-middle attacks, and spoofing. Fortinet warns that malware is also more easily hidden in the large volumes of data IoT devices produce, while some IoT devices can be remotely controlled or have their functionality disabled – which could be used in a ransomware attack.

Fortinet says robust IoT security requires integrated solutions capable of providing visibility, segmentation, and seamless protection across the entire network infrastructure.  Healthcare organisations should be capable of authenticating and classifying IoT devices, as well as segmenting IoT devices based on their risk profiles. They should also have the ability to monitor, inspect and enforce policy based on activity at different points within the infrastructure, and take automatic and immediate action if any network devices become compromised. To ensure compliance and data protection, organisations should take a zero-trust approach with role-based access control and a unified security fabric aggregating the security architecture across physical and cyber domains.