Connected Insights Blog | SmartSense

IoT Cybersecurity Ensures Safe Data, Safe Products, & Safe Patients

Written by SmartSense | May 19, 2023

IoT cybersecurity has been proven to keep patient and product data safe. Unfortunately, cybersecurity technologies in healthcare organizations have historically been underfunded. Yet given a recent FBI report addressing cybersecurity vulnerabilities in medical devices, as well as a 9.4% increase in the cost of the average healthcare data breach, security concerns for IT leaders within healthcare organizations are at an all-time high.

At bottom line, patient safety is directly tied to the security of their personal data and the product data about the medicines and vaccines they receive. With their considerable responsibility to protect this data, CIOs and CISOs must consider new strategies to implement IoT cybersecurity within their hospitals, clinics, and other healthcare operations.

In this post, we examine several key issues to consider when implementing a cybersecurity strategy:

  • Challenges of connectivity in established healthcare infrastructures
  • Benefits of cellular networks versus Wi-Fi
  • Complications for connectivity in a hospital setting
  • Best practices that neither introduce new risk into daily operations nor overburden IT teams and network infrastructure
  • IoT Sensing-as-a-Service with standardized, scalable cybersecurity

Connectivity Challenges in Healthcare Infrastructures



Collecting telemetry data from distant assets is increasingly essential to healthcare organizations. Yet IoT devices installed by individual business units often have a magnitude of connectivity requirements at hard-to-monitor locations, thereby increasing the need for standardization and centralized data exchange.

Furthermore, many of the KPIs for healthcare organizations include bed occupancy rate, average hospital stay time, treatment costs, readmission rate, equipment utilization, and patient satisfaction. But when hospitals are designed and built, such considerations for IoT adoption and implementation are usually after-thoughts.

For example, when Wi-Fi was first introduced in hospitals, it was used primarily for paperless charting and guest mobile devices, rather than to support the needs of an enterprise IoT system. Even today’s hospital Wi-Fi loses connectivity on occasion because of metals, cement, basement design, and other construction elements.

Cellular vs. Wireless Connectivity: A Critical Difference

Although not without its own issues, cellular networks are preferred over Wi-Fi to overcome infrastructural connectivity challenges. Cellular connectivity provides the following benefits:

  • Greater security: Cellular networks are safer than Wi-Fi because security is managed by the cellular carrier, which specializes in the ongoing administration of and investment in their own robust network.
  • Simple infrastructure: Cellular connectivity operates on existing mobile networks so that devices can connect easily without the need for new and expensive infrastructure.
  • Extensive coverage: Cellular connectivity can be used at multiple locations with cell coverage and allows for roaming or switching networks when out of range.
  • Remote management: Cellular IoT devices can send data to the cloud that can be accessed and managed from a remote mobile device.
  • Flexible connectivity options: Several cellular options are available to accommodate different uses and bandwidths, such as NB-IoT, LTE-M, LTE, and 5G.

Complications of Cellular Connectivity in a Hospital Setting

Despite these benefits, gateway positioning and equipment specifications are potential disrupters of cellular connectivity. In addition, hospitals must deal with a high level of digital noise generated by machines and sensors using radio waves. These factors add complexity to real-time connectivity and the accurate transmission of telemetry data.

On the one hand, some of the equipment that leverages radio waves (e.g., X-ray, ultrasound, and MRI machines) use antennae that are focused, thereby causing less interruption. On the other hand, IoT-enabled devices are less guided — for instance, when sensors are awake to measure and record volume, oxygen, CO2, temperature, humidity, and weight. Moreover, the distance between sensors and gateways may vary depending on how the system is installed.

To compensate for these complicating factors, IoT must be deployed to maximize battery life for optimal performance. At the same time, it must achieve an adequate rate of real-time communication between sensors, gateways, and the backend database. These conditions are necessary to fuel machine learning, run algorithms, and generate prescriptive analytics.

Being able to connect to multiple cellular providers is essential for uninterrupted operation over time. Gateways must be able to detect the highest cellular strength wherever they are located. A “set it and forget it” approach simply can’t provide the necessary flexibility and thereby creates potential performance risk.

Cybersecurity Best Practices

CIOs and CISOs should consider the following best practices when implementing a cybersecurity strategy, since they neither introduce new risk into daily operations nor overburden the network infrastructure.

Drop-in Solutions

One best practice for cybersecurity in healthcare organizations is the employment of “drop-in” solutions that are independent of the hospital IT infrastructure. By separating the solution network from the organization’s network, security leaders can eliminate the ability of weak links in the infrastructure to compromise the enterprise system.

Zero-Trust Infrastructure

A truly secure digital enterprise needs a comprehensive strategy for safe “anytime, anywhere” access to operational components (data, devices, software applications) regardless of where they are located. Zero-trust infrastructure protects the data of complex healthcare infrastructures lacking clearly defined perimeters. A zero-trust approach also assumes breach, verifies each request, and requires full authentication, authorization, and encryption.

Security As Code

Security as code refers to integrating security directly into operational tools and practices, thereby making them an essential part of everyday workflows. By mapping out how changes to code and infrastructure are made and finding places to add security checks without introducing unnecessary costs or delays, this just-in-time approach helps ensure the right security measures are in place from the start.

IoT Cybersecurity: A Standardized & Scalable



Hospital networks that are implementing remote monitoring in a variety of environments, location types, and medical applications need IoT cybersecurity that is standardized, reliable, and scalable. For example, large hospital campuses may have dozens of locations in areas that are difficult to monitor, while interregional hospital networks may have hundreds of sites located across the U.S.

Complex healthcare organizations such as these should consider Sensing-as-a-Service solutions that have mesh networking, cellular connectivity, and high coverage. These dynamics support consistent, quality IoT cybersecurity that is essential for ensuring compliance and advancing the quality of patient care through prescriptive analytics and directive care.