During the last years the technology it has shown enormous progress and is now part of the daily lives of millions of people. Simple things like ordering food to reading the news can be done from a phone. Now everything is just a click away. But just like in “real life”, there is a risk of suffering the Information theft. That’s why the digital security It is an aspect of interest to all.
The role of technology in today’s world
In that sense, as a result of the current conditions, medical consultations online have also increased. It is a simple and comfortable modality in which there is no risk of contagion of infections because there is no physical contact. Though that doesn’t mean there aren’t other dangers.
As an example, experts from Kaspersky found that, in 2021, the most widely used protocol for transferring data from wearables to the remote patient monitoring it contained 33 vulnerabilities. Among them there are 18 that are considered “critical vulnerabilities”. This represents 10 more critical vulnerabilities than in 2020, and many of them remain unpatched. Some of these vulnerabilities make it possible for attackers to intercept data that is sent online from the device.
The pandemic has caused a rapid digitization of the health sector. With hospitals and healthcare staff overwhelmed, and many people quarantined at home, organizations have been forced to rethink how patient care is delivered.
In fact, recent Kaspersky research found that 91% of healthcare providers globally have implemented their telemedicine capability. However, this rapid digitization has created new security risks, especially when it comes to patient data.
Digital crimes are on the rise
Some of telemedicine includes the remote monitoring of patients, which is carried out through the so-called wearables and portable equipment for body use. These include those that can continuously or at intervals monitor indicators of a patient’s health, such as cardiac activity.
The MQTT protocol is the most common for transmitting data from sensors and body-worn devices because it is easy and convenient. That is why it can be found not only in body-worn devices, but also in almost any smart device.
Unfortunately, when using MQTT, authentication is completely optional and rarely includes encryption. This makes it highly susceptible to Man in the Middle or MITM attacks (when attackers can get between “the two parties” while they are communicating), which means that any data that is transferred over the Internet could be stolen. . When it comes to body-worn devices, that information could include highly sensitive medical data, personal information, and even a person’s movements.
Measures to take care of your patients in the virtual world
To promote the digital safety of patients, Kaspersky recommends that clinicians follow the following:
- Check the security of the application or device suggested by the hospital or medical organization.
- Minimize the data transferred by telemedicine applications, if possible (for example, do not allow the device to send location data if it is not necessary).
- Use passwords other than the default ones and use encryption if the device offers it.
It is worth noting that most wearables keep track of both their health data as its location and movements. This opens up the possibility of not only stealing data, but also stalking.