Design vulnerabilities in these devices may provide backdoor entry points for malicious actors to take over these devices – in other words, command and control. These fears were best brought to light in 2017, when the United States' Food and Drug Administration recalled over 500,000 pacemakers  over the threat of command and control vulnerabilities and other lax cybersecurity protection that could have left patients with pacemakers with a critically dangerous vulnerability to hackers.
Data hacking and harvesting
Command and control is not the only risk facing the security of IoT healthcare devices. The overall threat of data hacking and harvesting raises many of the same fears, in addition to more broad concerns about user privacy standards and expectations.
The recently revealed Spectre and Meltdown vulnerabilities  very publicly crystallized these fears.
Connected healthcare IoT devices may be running operating systems on processors that were vulnerable to the Spectre and Meltdown exploits. Even worse, they may be just as vulnerable to similar future attacks that can and likely will occur at some point down the line. These attacks would be troubling enough on their own. But, the fact that healthcare IoT devices – and the patient data they collect and use – exist in a shared infrastructure only raises the risks and stakes that come with sensitive information leaks, privacy breaches and illicit data harvesting.
Making device security a priority for healthcare IoT
I don't want to sound overly doom-and-gloom about this. The fact is, IoT can do, and is doing, a lot of good in the healthcare space, and these innovations and positive outcomes – for doctors, patients, researchers, administrators, everyone across the board – will only continue to grow in the years ahead. But, at the same time, we need to be honest about the two sides to this coin, and that the other side boasts a serious level of security risks.
Being honest about those risks also means doing something about them, too, and luckily, we have the power to do just that. IoT developers and engineers can tackle these security and privacy concerns head on by prioritizing device designs that integrate components with built-in, cybersecurity protections.
Next: All the crypto