Deploying IoT securely on healthcare networks: new IoT Security Foundation whitepaper outlines best practice for healthcare IT teams & OEMs
Free whitepaper addresses underlying principles for securely deploying IoT systems on healthcare networks and how to cut risks for patients and their data
Release Date: 5 June 2019
The use of IoT systems in healthcare creates significant opportunities for both OEMs and healthcare providers, but the inherent connectivity coupled with their use outside controlled hospital environments adds a risk to both patients and their data – risks that need to be managed.
A new whitepaper from the IoT Security Foundation seeks to show, through example, how to implement a good security regime whilst taking into account the unique needs of the healthcare sector.
It examines architectures for a range of healthcare devices and enables healthcare OEMs, system specifiers and the IT departments implementing them, to identify the appropriate security measures for any deployment of health-related IoT solution. Within the whitepaper, three network types are considered – bounded, boundaryless and hybrid – along with 17 high-level requirements that should be taken into consideration when a new IoT device is assessed for use on a healthcare network.
Use of IoT in healthcare rising rapidly, knowledge of cyber security must follow
With the ability to significantly improve diagnosis / treatment, reduce operating costs and enable remote monitoring, the medical device sector is undergoing rapid change. The sector is forecast to grow 3.3X to $63 billion by 2024, yet 45 million medical devices were recalled due to software / security issues in the US during Q4 2018 and the knowledge needed to protect such networks may not be in place.
The whitepaper’s lead author, Stacie Hoffmann, a digital policy and cybersecurity consultant at the Oxford Information Labs, said: “To date there has not been enough thinking about IoT-related security concerns particular to healthcare environments and, more importantly, how to address those threats before something goes wrong. Recent high-profile breaches and vulnerabilities mean IT teams are aware of the risks of deploying such systems and the approach outlined in this paper is a progressive step in recognising potential weaknesses as well as identifying security management points in the IoT for health space. It details key security recommendations that layer security throughout the environment and aims to simplify management in a way that protects devices and systems as well as patients”
John Moor, Managing Director of IoTSF added “it’s also getting harder to recruit those with the necessary security knowledge and experience to deploy IoT which is why we believe this whitepaper, along with many other resources the IoT Security Foundation provides, helps to address stakeholder concerns so we can realise the health benefits of IoT.”
A 2019 analysis of IoT cybersecurity jobs adverts showed a 49% increase in demand for IoT security experts between Q3/Q4 2018. This was coupled with a severe shortfall of available applicants, with contractors being relied upon and a fast-rising cost to access this expertise.
The whitepaper aims to reduce the complexity of health-related IoT systems, create better-informed procurement decisions, demonstrate good security practices and support privacy in a health-sector-specific context.
The comprehensive whitepaper examines the security needs, data flows and threats for each of the major classes of health-related IoT systems and networks used in patient treatment and monitoring:
– Fixed location devices (eg an MRI scanner);
– Portable (on-site) (eg a vital signs monitor);
– Portable (loaned) (eg a blood pressure monitor);
– Patient owned (eg a hearing aid / fitness watch).
It also outlines layered approaches to protect legacy and new IoT products on a network, bring in non-healthcare specific devices and manage devices that move between local and public networks; as well as outlining the 17 requirements that should be implemented in any medical device / network. This includes real-world examples of security vulnerabilities and the direct impact on patients and their sensitive data.
About the Internet of Things Security Foundation (IoTSF)
The IoTSF was formed as a response to existing and emerging threats in the Internet of Things applications. It is an international, collaborative initiative that seeks to promote best practice across multiple sectors and help organisations realise the benefits of IoT securely.
IoTSF promotes the values of a security-first approach, fitness for purpose and resilience through operating life. The security values are targeted at key stages of the IoT eco-system – those that build, buy and use products and services: Build Secure. Buy Secure. Be Secure.
IoTSF is an international, collaborative and vendor-neutral members’ initiative, driven by the IoT eco-system and inclusive of all parties including technology providers and service beneficiaries.