News Feature | April 10, 2015

Healthcare 'Internet Of Things' Security Must Be Addressed

Katie Wike

By Katie Wike, contributing writer

6 IoT Predictions For 2015

According to a recent report, providers need to better protect medical devices which connect to the internet in order to transmit data.

Are your devices secure? Intel Security (which owns security software vendor McAfee) and the nonpartisan international affairs policy organization Atlantic Council released the results of a study that indicate they may not by if you’re using the internet to transmit data.

The report, The Healthcare Internet of Things: Rewards and Risks, estimates the number of devices connected to the internet of things will increase to more than 5.4 billion connections by 2020. “When a networked medical device is connected to a person, the health information that can be exchanged may dramatically improve healthcare, but the consequences of privacy and network security intrusions are equally real,” says Pat Calhoun, senior vice president and general manager for network security at Intel Security in an article from Health Data Management.

Researchers do point out, “However, these flaws can be managed and even reduced with a handful of steps: a focus on security by design; better collaboration among industry, manufacturers, regulators, and medical practitioners; a change in the regulatory approval paradigm; and encouraging feedback from patients and families who directly benefit from these devices.”

Some vulnerabilities of networked medical devices were accidental failures, intentional device tampering to cause harm, theft of personal data, and widespread disruption of the devices. The team concluded that the benefits of such devices outweigh their risks, but have many recommendations to make them more secure.

iHealth Beat reports that some of the team’s suggestions include:

  • an independent group be formed to represent the public and ensure there is a balance between the devices' effectiveness, security, and usability
  • the industry and government implement comprehensive security requirements or best practices that address the devices' underlying risks
  • public-private and private-private collaborations continue to improve
  • regulatory approval processes for the devices evolve to encourage innovation, enable healthcare organizations to achieve regulatory policy goals and protect public interests
  • security measures immediately be built into the devices and the networks to which they connect