How Will 5G Influence Healthcare Cybersecurity
5G has spent years hovering on the horizon, its industry-revolutionizing potential waiting just out of reach for healthcare providers and consumers. But now, the wait is (almost) over –– and for some, it already is. Mobile 5G began to make limited appearances in major cities across the country in the latter half of 2019. Those limits won’t be in place for long; however, a more comprehensive rollout is expected to sweep through the nation this year.
5G and Expanding Healthcare
5G’s entry onto the scene has the potential to expand the healthcare industry’s potential in ways that weren’t even imagined a decade ago and pose all-new security risks for patients and providers.
Most press pieces have focused on the latter point, and for a good reason. 5G stands to have an incredibly positive impact on the healthcare sector as a whole –– its super-fast mobile speeds will make communication instantaneous and connectivity a given. Where 4G might have been capable of sending data to and from 100,000 devices per square kilometer, 5G’s hyper-fast download speeds will enable data transmission for a million devices across the same distance.
With new wireless technology, healthcare organizations can rely on a faster, more reliable internet connection for thousands of medical devices and objects at any given time. It also offers providers who have limited or no access to broadband internet (i.e., isolated rural practices) a chance to easily connect to internet-facilitated health services that those in urban areas might take for granted.
However, two fields will benefit more from 5G than the rest: virtual reality and telemedicine. While physicians have begun to explore the use of VR and AR in comprehensive rehabilitation and telemedicine consults, their efforts have been significantly curtailed due to limitations in available 4G LTE connections. Latency, or the time between sending a data request to a device and receiving it, is considerably higher, thus limiting, with 4G. In contrast, latency with 5G is over ten times shorter than conventional speeds.
This shockingly low latency holds a great deal of potential for advancement in healthcare. As writers for a report on 5G’s potential in healthcare note in a December 2019 issue of Precision Clinical Medicine: “In the 5G era, with its innate high bandwidth and low latency advantage, VR is expected to help streamline the entire hospital, especially in telemedicine, teleconsultation, and even remote surgery.”
These advancements are expected to have a remarkable impact on patient care and digitally-facilitated healthcare sectors. The 2018 Market Research Future Report anticipates that “the telemedicine industry will experience a 16.5% compound annual growth rate from 2017 to 2023, due to an increased need for medical services in rural and underserved areas that may only be possible through 5G and IoT.”
Cybersecurity in the 5G Era
All this said these gains don’t come without security drawbacks. While 5G is generally accepted to be more secure than the 4G we use now, the technology still poses a few notable risks.
In November of 2019, a joint research initiative between security researchers at Purdue University and the University of Iowa revealed an incredible 11 significant vulnerabilities in studied 5G networks. The study noted that these security lapses could allow bad actors to surveil and disrupt device operations — or even launch falsified emergency alerts.
These findings are troubling for the risks they highlight and because they prove that the vulnerabilities that 5G was meant to resolve are still an ongoing problem. Equally problematic is the ease with which these security holes can be abused. As a writer for TechCrunch noted in an article on the study, researchers “claimed that all the attacks could be exploited by an adversary with a practical knowledge of 5G and 4G networks and a low-cost software-defined radio.”
All this said, cybersecurity in the 5G era does warrant some optimism. Because next-gen wireless tech is designed with network slicing in mind (i.e., organizing several isolated virtual networks within an overarching physical infrastructure) it will be harder for bad actors to access the broader system. Slicing also allows for better privacy, because information isn’t shared across isolated “slices,” and for better tailoring, because organizations can apply different policies across varying inner networks.
As the Wall Street Journal has explained, “With 5G, corporate security operations centers can gather and analyze a huge amount of information collected by sensors and other Internet of Things devices that are expected to proliferate over the next few years. This will make it easier for companies to, for example, spot suspicious activity such as a hacker trying to access parts of the network that aren’t typically visited, or attempting to download an unusually large amount of data.”
Given both 5G’s potential for positive change and its security vulnerabilities, then what should we do?
The obvious answer is to allocate more funding, people, and technology towards improving cybersecurity planning in the healthcare space, especially given that recent research indicates that such practices in the industry are lackluster.
One 2019 survey conducted by the cybersecurity firm CynergisTek found that while almost a third of security executives believe that medical device security is one of the top five healthcare risks today, most organizations in the industry lack an effective strategy for assessing the cybersecurity risks that those devices pose. A full 26% of organizations, researchers noted, lacked a plan altogether. Just over half of those surveyed agreed that the reason for the underwhelming response to cybersecurity challenges was due to a lack of necessary resources.
Healthcare organizations need to invest in IT; to develop a full-blown, tested plan for addressing the cybersecurity risks posed by 5G before bad actors make worst-case scenarios a reality.
As Tom Wheeler, the former chairman of the Federal Communications Commission, commented for the above Wall Street Journal article, “Wouldn’t it be great to have cybersecurity as a forethought, rather than an afterthought?”
“We shouldn’t be blinded by the promise of what’s to come.”
He has a point.