“Doctor, Will I Need Surgery?” Ensuring Telemedicine is Delivered to You Safely and Securely

Posted by Rao Cherukuri on Feb 12, 2019 10:00:00 AM

Telemedicine meets IoT

One of the significant benefits of telemedicine is immediate remote access to medication in life-threatening situations. Pacemakers that doctors can remotely monitor and maintain to identify problems before a heart attack occurs, and insulin pumps that can be adjusted wirelessly, giving a patient more control and better care, are already a reality. According to the Mayo Clinic, robotic surgeries allow doctors to perform many types of complex procedures with more precision, flexibility and control than is possible with conventional techniques.

Imagine a doctor performing surgery remotely with a surgical robot, present only through the instructions sent securely to the robot. That is the telemedicine of tomorrow, powered by the Internet of Things (IoT) and smart medical devices. The Internet of Medical Things (IoMT), or Healthcare IoT, has the potential to disrupt the healthcare industry in patient care and safety, cost savings and operational efficiency.

In this post and in an accompanying blog written by Juan Asenjo from our partner nCipher Security, we discuss the security and safety challenges involved in deploying smart medical devices, from surgical robots to embedded insulin pumps and pacemakers.

  • Deloitte surveyed 237 MedTech leaders to learn how the IoMT is disrupting MedTech’s role in Healthcare. More than half (51%) of respondents said they are implementing new business models to drive innovation and sales.
  • According to Deloitte, the internet of connected medical things (IoMT) market is expected to reach $158 billion by 2022.

Are smart telemedicine devices and applications secure enough for patient safety?

So far, cybersecurity models have evolved as an afterthought, focused more heavily on detect-and-respond methods than on prevent-and-protect methods. The shortcomings of today’s cybersecurity landscape are well known, which is why security breaches keep rising despite technology advancements and billions of dollars invested. Current IT security models continue to fail, and they still focus on data loss and access to services rather than on safety. IoT and IoMT are about safety and economic issues.

  • Imagine a healthcare device you are using is under a hacker’s control. Could they send a lethal dose of medication to your medical device?

In August 2017, the FDA announced the first-ever recall of a medical device (a pacemaker) due to cyber risk. In July 2015, the FDA issued an alert highlighting cyber risks related to infusion pumps.

To ensure the safety of patients and protect the privacy and integrity of the data, the FDA released new guidance that addresses the steps manufacturers must follow in order to protect smart medical devices and data against cyberattacks.

IoMT calls for a new security model that takes a Secure by Design approach from the very beginning, based on a Root of Trust.

Addressing the security challenges for telemedicine and smart medical devices

Security for smart medical devices and the broader ecosystem starts with the right foundation of trust, based on verifiable device identities through a robust public key infrastructure (PKI). The typical steps involved in securing a medical device are:

  • Provisioning and managing device identity and integrity at IoT scale (hundreds of thousands of devices, with the potential for millions)
  • Implementing end-to-end data security / privacy independent of the network
  • Providing assurance that all the parties (devices, people and applications) involved in delivering the service are authenticated and authorized

A unique need in healthcare, as for any security-conscious smart device, is the ability to couple Device Trust and Data Trust. If the device and the data it collects can’t be trusted, there is no point in wasting resources collecting it, analyzing it and, worst of all, making decisions and sending the wrong controls. Imagine a doctor or clinician adjusting a connected healthcare device to the wrong dose of medication.
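The coupling of Device Trust and Data Trust described above can be shown as a receiver-side check. This is an added example, not code from the original post or from any product it names: it assumes Ed25519 device keys and X.509 certificates from Go's standard library, and the names newIdentity, AcceptReading and Demo, the device name pump-0001 and the glucose readings are all constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newIdentity builds a constructed demo key and certificate (fixture: errors are not handled).
func newIdentity(cn string, ca *x509.Certificate, caKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true}
	if ca == nil { // nil issuer: a self-signed root CA that may sign device certificates
		t.IsCA, t.KeyUsage, ca, caKey = true, x509.KeyUsageCertSign, t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, ca, pub, caKey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// AcceptReading: the certificate must chain to a trusted root AND sign the reading.
func AcceptReading(roots *x509.CertPool, dev *x509.Certificate, reading, sig []byte) error {
	if _, err := dev.Verify(x509.VerifyOptions{Roots: roots}); err != nil {
		return fmt.Errorf("device trust: %w", err)
	}
	if pub, ok := dev.PublicKey.(ed25519.PublicKey); !ok || !ed25519.Verify(pub, reading, sig) {
		return fmt.Errorf("data trust: signature does not match the device key")
	}
	return nil
}

func Demo() (genuine, altered, selfIssued error) { // verdicts for three constructed readings
	root, rootKey := newIdentity("Demo Root CA", nil, nil)
	dev, devKey := newIdentity("pump-0001", root, rootKey)
	fake, fakeKey := newIdentity("pump-0001", nil, nil) // same name, not issued by the root
	roots := x509.NewCertPool()
	roots.AddCert(root)
	msg, changed := []byte(`{"glucose_mg_dl":112}`), []byte(`{"glucose_mg_dl":412}`)
	sig := ed25519.Sign(devKey, msg)
	return AcceptReading(roots, dev, msg, sig), AcceptReading(roots, dev, changed, sig),
		AcceptReading(roots, fake, msg, ed25519.Sign(fakeKey, msg))
}

func main() { fmt.Println(Demo()) }
```

Only the first reading is accepted: the altered value fails the data check even though the device is genuine, and the self-issued certificate fails the device check even though its signature over the reading is valid.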

Securing the telemedicine ecosystem and patient safety

Device Authority and our partner nCipher Security are helping secure medical devices. Our joint Healthcare IoT Security Blueprint provides the requirements, components and guidelines for secure and safe deployment of IoT technologies in healthcare. As a leading provider of secure identity and access management solutions, Device Authority enables end-to-end security architectures that scale to meet today’s demands. The KeyScaler Platform provides trust for medical and other IoT devices using breakthrough Dynamic Device Key Generation (DDKG) and PKI Signature+ technology. Integrating with nCipher’s nShield Hardware Security Modules (HSMs), the combined solution protects and manages critical cryptographic keys that form the root of trust for the entire ecosystem.

To learn more about securing connected medical devices, including how to design and deploy scalable credential management systems with a root of trust, register here for our joint webinar on 19 February: “Cyber Security vs. Cyber Safety – Are Medical Devices Secure and Patients Safe?”

If you want to reach me for further discussion, contact me on Twitter @raocherukuri.
