Many healthcare organizations are not fully aware that they use a large number of Internet of Things devices that increase breach risks.
That must change, according to the National Institute for Standards and Technology, one of the nation’s oldest physical science laboratories and a part of the Department of Commerce.
“It is important that organizations understand their use of IoT because many IoT devices affect cybersecurity and privacy risks differently than conventional IT devices do,” according to a draft document released by NIST to collect insights on IoT issues from stakeholders during a public comment period set to close in October.
Some organizations need to understand how characteristics of IoT affect managing data security risk, including accepting, avoiding, mitigating, sharing or transferring risk, NIST says.
For example, operational requirements for performance, reliability, resilience and safety may be at odds with common cyber and privacy practices for conventional health IT devices. The result could be the need to use manual processes, expand staff knowledge of devices, and address risks with manufacturers and…
