I have a very distinct memory of the first time I’ve ever witnessed Alexa’s digital intelligence prowess.  A few years ago, I was at a friend’s place, and her husband was playfully showing off his latest home gizmo project: a smart-home hub that connected a hodgepodge of home devices — from the TV, lights, mp3 player down to their electronic fireplace — to the AI-powered voice assistant that willingly responded to queries and commands. As my friend’s husband exclaimed one command after another (which went on for a while), I got lost in my own thoughts; I couldn’t help but wonder about how technology keeps boldly pushing its own boundaries. What was once mere conjecture now has a real-life physical manifestation in the form of an Amazon Echo smart speaker. I think it’s safe to say that technology will undoubtedly keep knocking down barriers as long as societal needs evolve. What makes Alexa (and Google Home for that matter) so fascinating to many, however, actually lies with its underlying infrastructure of interconnected sensor-laden devices. This ecosystem of interwoven devices connected to the internet is what constitutes the Internet of Things (IoT).

The fundamentals of IoT

Considering the mainstream appeal of smart homes in recent years all thanks to Alexa, it’s quite hard to believe that the term Internet of Things has been around since 1999 when Kevin Ashton first coined the term. The WIRED’s Guide to the Internet of Things mentions that any device capable of internet connectivity is part of IoT. Apart from this, IoT gadgets are built with a sensor whose primary function is to gather data from our immediate surroundings; that information then undergoes digitization. Certain gadgets carry multiple sensors which permit data collection in different zones related to a particular environment. For example, fire detection technologies have evolved into multi-sensor types which not only help sense fire but also distinguish it from smoke and carbon monoxide. In addition to sensors, these IoT devices have network connectivity capabilities (e.g. Wi-Fi and Bluetooth) which enable information to be stored and analyzed via their built-in processors. While most people experience IoT largely through smart home devices, the enthusiasm towards this web of technologies was first realized in the business and manufacturing sector. Steve Ranger of ZDNet/TechRepublic discusses the rationale behind IoT implementation in business which is mainly motivated by the idea that businesses should be able to obtain wider access to their own product and system data in the hopes of providing urgent, real-time solutions to technical and operational issues. For instance, installing sensors in machines allows manufacturing companies to proactively identify problematic equipment which in turn gets replaced to prevent issues from further escalating. As for the benefits of IoT to consumers, it all boils down to convenience and pragmatism. Does anyone even still enjoy manually adjusting their HVAC room settings when there’s existing technology that can perform the same task but with less effort? All it takes is a few taps on your phone, and you’re all set. I’m almost certain that technologies delivering this level of comfort and ease are here to stay for the long haul.

IoT in healthcare

A wide array of industries has leveraged IoT to improve their own enterprise workflows. However, it is important that we pay attention to the contributions of IoT in terms of making a real-time health system (RTHS) a reality. Given the malleable nature of technology, we can expect continuous upgrading of smart devices, a rigorous overhaul of telecommunication systems, and an influx of harvested and processed data.  As Sowmiya Moorthie stated in an article published by the PHG Foundation in 2017, IoT could emphasize the need for a “connected health system” which essentially promotes real-time access and exchange of information, thus improving healthcare delivery and management. With this in mind, one can surmise that to be functionally smart, every healthcare delivery organization (HDO) should optimize medical devices and applications by weaving them into a web of interconnected technologies which we can simply refer to as the Internet of Medical Things (IoMT). In an article published for the Alliance of Advanced Biomedical Engineering (AABME) in 2017, Frost & Sullivan defines IoMT as “an amalgamation of medical devices and applications that can connect to healthcare information technology systems using networking technologies.” Moreover, they have divided IoMT into several classifications: on-body segment (i.e. consumer health and medical-grade wearables), in-home segment (e.g. personal emergency response systems and remote patient monitoring), community segment (e.g. kiosks and point-of-care devices), in-clinic segment (devices for administrative use), and in-hospital segment (comprised of IoMT devices and a set of medical solutions). A HealthTech magazine article published last year addressed specific IoMT capabilities (e.g. diagnostic accuracy, less mistakes and low-cost healthcare) which are all germane to RTHS and its core components. Looking at how these sensor-based gadgets and applications operate apropos the characteristics of RTHS we’ve previously discussed, it seems even more plausible that an IoMT-focused RTHS can propel HDOs towards fulfilling both their long-term business and clinical goals.

Issues and risks

While IoT technologies are revered for making our day-to-day lives — whether in the home or at the workplace– a lot less cumbersome, we should also acknowledge the disadvantages that accompany the adoption of these sensor-laden systems. Network connectivity breakdown can easily derail pertinent workflows, and in the healthcare industry, it can be a matter of life and death as patient safety is likely to be compromised. Imagine the potentially harmful impact an erratic Wi-Fi connection can have on HDO workflows that depend on IoMT devices. As hospitals continue to expand their IoMT ecosystems, the interconnectedness of medical devices becomes much more vulnerable to security breaches. WIRED’s article mentions that the increasing probability of IoT devices being subjected to a cyber attack may be due to design process limitations that usually disregard security integration. Simply put, IoT devices aren’t inherently designed or built based on system security, hence making them vulnerable to hacking. Aside from security, IoT/IoMT systems also face issues regarding privacy. According to Moorthie’s article published by the PHG Foundation, privacy concerns are influenced by a number of factors such as the type of data collected, the security of data collection tools utilized, and the extent to which data is disseminated between participants (e.g. smart device, system operators, and third parties). If you think about it, the fundamental structure of IoT empowers performance productivity but in so doing, it must also facilitate substantial data transfer between devices in order to achieve optimal outcomes. As a result of this process, users’/patients’ personal information and other private transactions are at risk of being exposed without permission. One grievous example of an IoT-specific privacy incursion was reported by Bloomberg in April 2019. The report discloses Amazon’s hiring of thousands of employees to listen to and analyze voice recordings captured through user interactions with Alexa. On the IoMT front, Trend Micro has published research involving the analysis of internet-exposed IoMT devices and systems owned by hospitals and clinics via Shondan, a search engine for medical devices. The study reveals that Digital Imaging and Communications in Medicine (DICOM) systems responsible for CT, PET and MRI scans, as well as ultrasounds and X-rays can be publicly viewed on the web– an outright infringement of confidential patient records.

Mitigating IoMT risks

The persistent expansion of interconnected medical devices and applications has ostensibly exposed HDO IT systems to certain vulnerabilities. In an article written for Security Intelligence, Abby Ross, Associate Partner for X-Force Red, recommends that hospitals espouse AbedGraham’s (a clinical security consulting company) clinical risk management framework when evaluating issues that need to be resolved first. This framework categorizes IoMT risks into four pillars based on impact: clinical risk (patient impact), organizational risk (i.e. workflow productivity disruption), financial risk (i.e. effects of fines and losses) and regulatory risk (i.e. non-compliance to HIPAA regulations). Another strategy worth considering is the “crawl, walk, run” approach which Jon Rabinowitz, VP of Marketing at CyberMDX, expounds in a piece he wrote for Inside Digital Health. This particular tactic is designed for gradual implementation, allowing organizations to take one step at a time with no pressure to immediately act on risks. The crawl stage involves HDOs forming a team comprised of healthcare and IT professionals whose role is to identify all existing medical devices being utilized within their network and disclose any IT security threats to all employees. HDOs can then move on to the next stage — the walk stage — where they assess risks and develop a baseline for normal network activity to help detect and isolate anomalous ones. Once this stage has been fully adopted, HDOs can proceed to the run stage where they implement a comprehensive cybersecurity strategy governed by security controls.

Because IoMT system vulnerabilities could be detrimental to patients’ safety in any care delivery context, my takeaway from these risk mitigation strategies is simple: HDOs must be prepared to take on security and privacy threats through an exhaustive cybersecurity plan. If care providers seek to adopt RTHS because they believe in its patient-centric goals, they have to understand that this pursuit requires an extensive approach to combating potential IoMT-related vulnerabilities that can endanger patients’ lives. It is imperative for HDOs to integrate an IoMT infrastructure designed with a potent and reliable security risk management strategy, ready to be deployed when the need arises.

The succeeding steps

As IoT continues to dominate industries and grows in complexity, HDOs should take a hint and make the most of their IoT infrastructure. Gartner provides insight into an IoT platform strategy that can be advantageous in addressing an HDO’s business and clinical objectives. It is important to begin by promoting awareness of IoT, starting from the executive board-level all the way through various departments. HDO CIOs should be able to envision the role of IoT in their own organizations so as to clearly understand its value. Medical practitioners and staff can educate themselves on IoT and how leveraging sophisticated technology can positively impact their workflow productivity. Meanwhile, IT and OT teams must be ready to integrate IoMT into their hospital’s existing infrastructure. Forming a team specifically for implementing IoT can also prove beneficial, especially when HDOs invest in training individuals with gaps in their skillset since IoT implementation will most likely entail cross-departmental abilities. The same IoT task force can then be assigned to develop the HDO’s own platform strategy, integrating newer models of connected medical devices and applications into their existing IoMT ecosystem. In terms of network connectivity, allocating a hefty budget to acquire 5G is also becoming even more necessary as it can elevate IoMT-dependent workflows by enabling quick, real-time data sharing.

Just as most of our homes have embraced smart home devices, HDOs have already begun advancing their IoMT integration efforts. Although this can be seen as a small victory, the process doesn’t simply end with infrastructure installation. If the impetus behind HDOs fully assimilating into RTHS were to provide convenient care delivery at lower costs to their patients, they must devote their time and resources into constantly upgrading IoMT technologies and, above all, guarantee that such infrastructure is properly guarded against potentially damaging cyber risks.