The Internet of Things includes a growing number of medical devices, from heart monitors to ventilators and multi-million dollar x-ray machines. More and more hospitals are connecting their equipment to the web in order to give healthcare practitioners access to real-time patient data, an increasingly valuable resource that can mean the difference between life and death.

This modernization is driving noticeable improvements in patient care, as vendors such as IBM are always quick to point out, but it also exposes patient data to cyber threats. Hospitals make particularly attractive targets for hackers due to the fact that medical records are in high demand on the black market.

The tremendous amount of risk associated with this trend has not gone unnoticed by the healthcare industry. The U.S. Food and Drug Administration recently released a note that outlines the threats faced by hospitals and medical device manufacturers, and lists some of the steps these organizations can take to reduce the chance of a security breach.

“Many medical devices contain configurable embedded computer systems that can be vulnerable to cybersecurity breaches. In addition, as medical devices are increasingly interconnected, via the Internet, hospital networks, other medical device, and smartphones, there is an increased risk of cybersecurity breaches, which could affect how a medical device operates.”

The document names several common security vulnerabilities, including the presence of malware on devices connected to hospital networks, lackluster access controls, unpatched software, and insecure off-the-shelf solutions. It recommends that device manufacturers limit unauthorized use of their products, protect individual components from exploitation, and build fail-safe mechanisms into their offerings. Lastly, vendors should incorporate data retention and recovery capabilities in their solutions.

The FDA advises healthcare providers to monitor network activity, perform routine evaluations of IT infrastructure, and contact device manufacturers when they identify potential security problems.