Connecting devices, people, and systems has particularly strong impacts in the healthcare industry. Up-to-the-second information can mean the difference between life and death for patients, and the potential applications of connected technology to improve care are endless. Pacemakers that doctors can remotely monitor and maintain to identify problems before a heart attack and insulin pumps that can be adjusted wirelessly, giving a patient more control and better care are already a reality.
As in the digitization of any industry, the same connectivity that drives significant value simultaneously heightens security and privacy risks. The main threats fall in two categories:
Vulnerabilities in a networked medical device pose obvious privacy risks, since these devices access patients’ most personal biological data. Hackers may use connected medical devices to steal patients’ data for identity theft, targeted blackmailing, buying drugs or medical equipment to resell and filing fraudulent insurance claims. Additionally, if these devices interface with medical billing records, then patients risk losing both medical and financial information.
Intentional disruption and cyber terrorism pose significant risks, because networked medical devices face the same technological vulnerabilities as any other networked technology. Security vulnerabilities have been discovered in pacemakers, defibrillators, and diabetes insulin pumps. These devices are meant to be communicating with the management server only, but have been found to broadcast signals out into the Internet, breaching security protocols.
To cite an example, Johnson & Johnson’s insulin pump turned out to be highly vulnerable due to the unencrypted wireless connection between the remote and the pump, giving hackers a chance to easily implement their malicious techniques: to trigger unauthorised insulin injections and access the entire hospital system to immobilise services and cause panic and chaos.
The KeyScaler™platform from Device Authority addresses all the security concerns that any industry vertical would have by providing the most appropriate Identity and Access Management for Internet of Things (IoT) devices. Device Authority remains the most secure Trust and Privacy platform for Internet of Things (IoT) devices.