Security for Healthcare Internet of Things Must Be Addressed Upfront
The explosion of networked medical devices and sensors that connect, communicate or transmit information through the Internet hold tremendous promise if security is built into the infrastructure from the outset, according to a new report.
While networked medical devices linked to the Internet of Things pose potential security risks, they are outweighed by the potential benefits to society from these devices that are wearable, temporarily ingested or even embedded in the human body for medical treatment, medication, and general health and wellness. That is the conclusion of the report by Intel Security (which owns security software vendor McAfee) and the Atlantic Council, a nonpartisan international affairs policy organization.
The report, The Healthcare Internet of Things: Rewards and Risks, makes several recommendations for helping providers and regulators to maximize the value of these networked medical devices for patients, while minimizing the security challenges that originate in software, firmware, and communications technology across networks and devices. According to the report, networked healthcare has several potential vulnerabilities: theft of personal information, intentional tampering with devices to cause harm, widespread disruption, and accidental failures.
When a networked medical device is connected to a person, the health information that can be exchanged may dramatically improve healthcare, but the consequences of privacy and network security intrusions are equally real, says Pat Calhoun, senior vice president and general manager for network security at Intel Security. Security should be built into the whole healthcare ecosystem, from the device, to the network, to the data center.
The report provides several recommendations, including:
*Security should be built into devices and the networks they use at the outset rather than as an afterthought.
*Industry and governments should consider implementing a comprehensive set of security standards or best practices for networked medical devices to address underlying risks.
*Private-private and public-private collaboration must continue to improve.
*The regulatory approval paradigm for medical devices may need to evolve in order to better incentivize innovations while enabling healthcare organizations to meet regulatory policy goals and protect the public interest.
*There must be an independent voice for the public, to ensure patients and their families have a voice, the goal being to strike a balance among effectiveness, usability, and security when the device is implemented and operated by consumers.
The full report is available here.