“As the attack surface increases with the introduction of connected devices, the attack potential grows exponentially,” the report said. It said healthcare organisations should set specific IT security requirements for IoT components and identify how they will be interconnected, or connected to the internet. The report argues that device manufacturers need to involve hospitals from the very beginning when designing systems and services.
ENISA executive director Udo Helmbrecht said: “Interconnected, decision making devices offer automation and efficiency in hospitals, making them at the same time vulnerable to malicious actions.”
The report warns that there are “several serious vulnerabilities that come with the use of IoT in healthcare that are difficult to address.”