Cybersecurity Risks and Guidelines

The US Food and Drug Administration (FDA) issued new guidance in March 2023 requiring medical device manufacturers to provide cybersecurity information in their premarket device submissions, with a deadline of October 1, 2023. This is a logical step in protecting patients and medical information, as the vulnerabilities that affect healthcare devices and patients increase.

Going forward, cybersecurity will only be more crucial to future success and growth – and your company’s ability to provide RPM or telehealth solutions that are secure and reliable will be paramount.

In this post, we explore strategies to keep your RPM and telehealth solutions secure, reliable, and compliant. We will also show you ways to improve operational efficiencies, maximize resources, get to market sooner, and scale while saving time and money.

Connected Devices: The Future of Healthcare

The IoMT market has expanded rapidly over the last 5 years. A study published by Research and Markets reports that worldwide implementation of IoMT is expected to grow at a 24.6% CAGR between 2022 and 2028 – an unprecedented rate for IoT adoption in just six years. Insider Intelligence also produced a report predicting that by 2025, there will be 70.6M patients – 26.2% of the US population – using RPM devices.

As these predictions come into sharper focus, it’s important to build an infrastructure that can maintain the confidentiality, integrity, and availability of patient data in a secure and reliable manner.

As RPM and telehealth solutions engage healthcare delivery organizations (HDOs), providers, and patients themselves, managing different technology components within an interconnected ecosystem presents challenges in the form of threats and risks. Therefore, every facet of a connected device’s interaction with patients and the provider’s network is important.

RPM and Telehealth Security Factors

When patient data resides on medical devices and flows into an ecosystem that becomes part of the patient’s digital medical records, there is no room for cybersecurity issues or mistakes.

Unfortunately, RPM devices are often attractive targets for cybercriminals. Areas of vulnerability can include:

  • Shared public networks
  • Unsecured connectivity
  • Lack of visibility
  • Unmanaged devices
  • Legacy Operating Systems

Let’s explore each of these.

Shared Public Networks

Transporting data over the public Internet is never a best practice.

RPM manufacturers and solution providers that take this into account either build embedded connectivity into their devices or route them through a secured gateway device, in order to ensure a private and secured connection.

The use of private networks constrains data flow and ensures it only arrives at its intended destination, mitigating the risk of tampering or other malicious activity.

Unsecured Connectivity

Secure connectivity safeguards companies from the financial costs of a HIPAA breach. These violations can be detrimental to companies, with the 2022 HIPAA penalty structure ranging from a minimum of $127 per violation at Tier 1 to a maximum of $1,919,173 per violation at Tier 4.

Speaking on security recently, Smart Meter’s CEO Casey Pittock stated that:

“The financial cost of a HIPAA breach can be detrimental to the continuity of healthcare businesses and the well-being of patients... [Smart Meter has] made significant investments over the past four years to embed proprietary security protocols in RPM devices, platform and network to ensure patient health data can only be transmitted when connected to an exclusive and secure private data network for RPM.”

Lack of Visibility

Once a cyberattack is detected, it must be addressed promptly. This requires the ability to track the vulnerable device(s) and understand the path that the attacker took into the system. RPM and telehealth companies therefore need to provide solutions that give IT and security teams visibility into every single device deployed, along with its status, activity, and data usage.

Look for an IoT management platform that offers:

  • Device and data management
  • Threat detection and risk assessment
  • Ability to remotely push updates
  • Inventory tracking
  • Identification of cyber threats in real time
  • Security best practices, compliant with HIPAA and NIST guidelines

A platform with these components will provide your solution with the best defense against cyberattacks.

Unmanaged Devices

A device’s software or operating system runs the risk of becoming outdated or obsolete during its lifecycle, making an unmanaged device a potential gateway for cyber threats to sneak in. Keeping your devices up to date on security can be accomplished through regular software and operating system upgrades, taking obsolete devices out of circulation, the use of eSIMs, and the right management tools.

Legacy Operating Systems

Recent research discovered that almost 83% of healthcare IoT devices in the United States run on outdated, unsupported operating systems. Decommissioned, insecure, unpatched, and vulnerable to exploits and cybercrime attempts, these systems leave around 98% of sensitive medical data transactions exposed or poorly encrypted. The persistent use of outdated and flawed legacy systems is also inefficient, and it presents a pressing problem for hospitals and medical offices.

The fear or reluctance to upgrade legacy systems is the main contributing factor in allowing cybersecurity threats to be successful. Therefore, it is necessary for healthcare institutions to formulate long-term modernization strategies and create maintenance plans for healthcare application and IT environments.

Why Kajeet?

Kajeet® is a leading IoMT multi-network, private cellular connectivity provider that enables RPM and telehealth solution providers to securely and reliably connect healthcare providers with patients.

Our multi-network approach saves solution providers the time of dealing with carriers individually, reduces costs, and allows for pooling and sharing across data and devices. Our patented, award-winning data and IoT management platform, Sentinel®, provides real-time analytics and insights that lead to better decision-making.

We would love to speak with you and explore how we may be able to partner with you to bolster your cybersecurity.
