Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

3/2/2021
12:55 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

SAFE Identity Announces Internet of Medical Things Working Group

Group will establish industry standards for securely credentialing medical devices.

RESTON, Va. – March 2, 2021 –  SAFE Identity, an industry consortium and certification body operating a Trust Framework for digital identities in healthcare, today announced the Internet of Medical Things (IoMT) working group. This group, composed of digital identity experts, will establish industry standards and guidance for medical device manufacturers to build trusted, secure and interoperable credentials into their products on the production line. This effort will enable hospitals, radiology centers, medical labs and other consumers of medical devices to use a trusted standards-based credential already on the device as soon as it arrives at their loading docks.  

With an average of 10-15 network connected devices per hospital bed, healthcare providers are challenged with identifying and managing all the devices on their network to ensure data confidentiality, integrity and network security. These challenges have proven to be a systemic issue exacerbated by connected medical devices, an increase in wearable devices and remote patient monitoring, which introduce additional attack vectors and increase risks that impact patient safety, privacy of Protected Health Information (PHI) and data breaches.  

The work done by the IoMT working group will provide a standardized requirement for medical device certificate issuance based on industry best practices for device identity and assurance requirements. These issuance practices will define tactics to combat some of the biggest issues in healthcare today, including anti-counterfeiting measures, tampering prevention, encryption and identity confirmation on the network. The vendor-agnostic requirements defined by the IoMT working group will include testing to enable interoperability across systems.   

To help facilitate this effort, SAFE Identity recently hired Priti Dave as the director of solutions strategy. Her 14-years' experience at a leading health information exchange network enables Dave to apply her knowledge in ecosystem development to help solve one of the greatest challenges in the IoMT space through her role as the chair of the SAFE Identity IoMT Working Group. 

“Providing a path to secure medical device identities is a major step towards building the foundation for digital trust within healthcare,” said Dave. “With the IoMT working group, we have set out to clear this path in a collaborative way, utilizing SAFE Identity’s Trust Framework for a standards-only, product-agnostic approach that fosters interoperability and thwarts vendor lock-in in a decentralized way. The IoMT working group provides an excellent forum for all parties in the healthcare space to share their needs and expertise surrounding medical device security, and we encourage participation from across the industry.” 

A 3-Phased Approach to Fostering Interoperability of Medical Device Identities 

The IoMT Working Group will carry out its mission in a 3-phased approach to ensure maximum productivity of the participants. 

Phase I: The IoMT working group will start by modernizing the SAFE Certificate Policy, a set of technical specifications, interoperability criteria, compliance guidelines and liability rules that govern the SAFE Identity Trust Framework, to meet the needs of the medical device space. The updated policy will establish digital identity standards that leverage cryptography, strong authentication and consistent assurance levels for medical devices so buyers can securely interact with these products straight out of the box.  

Digital identities built into these devices will be issued from a variety of SAFE Certified Credential Providers to enable interoperability with all parties relying on the SAFE Trust Framework. SAFE is also developing procurement guidance to arm healthcare organizations with a strategy for implementing a Trust Framework within their risk management and procurement processes. 

Phase II: The Working Group members will establish operational guidance and implementation strategy to help both device manufacturers and consumers of medical devices adopt industry standards and best practices in their environments. This phase will focus on device auto-enrollment to support large scale issuance of device credentials, credential management, a cost benefit analysis of different PKI implementation methodologies and procurement strategies for consumers of medical devices. 

For organizations such as HDOs (Healthcare Delivery Organizations), the procurement strategies will support the contract and acquisition process by helping measure risk and select appropriate identity requirements for the medical devices they acquire. Leveraging this procurement language takes the burden off HDOs to credential medical devices themselves and provides assurance that they can be used safely on the network immediately.  

Phase III: The final phase of the working group will establish guidance for leveraging the SAFE Trust Framework and industry guidance to satisfy various aspects of FDA pre-market and post-market guidance for medical devices. Given SAFE’s long history of interoperating with the EU and ETSI policies, the group will also explore compliance with EU regulations as part of its final phase. 

Getting Involved in the SAFE Identity IoMT Working Group 

The working group consists of key industry leaders in the digital identity field. Current participants include: Carillon; DigiCert; IdenTrust; PrimeKey; and Trans Sped. 

SAFE Identity welcomes medical device manufacturers, healthcare delivery organizations, other buyers of medical devices and industry consortiums to participate and help address the challenges of cybersecurity for medical devices. To learn more about joining this group, contact Eboni Akins at [email protected]

More information about SAFE Identity is available at makeidentitysafe.com.   

About SAFE Identity 

SAFE Identity is an industry consortium and certification body that provides an ecosystem for identity assurance in the healthcare sector to enable trust, security and user convenience. It reduces risk and assures the integrity of identities and data in virtual clinical trials, medical devices and trusted data exchange in healthcare supply chains. 

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
News
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Commentary
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-20001
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.2.0, BinaryHeap is not panic-safe. The binary heap is left in an inconsistent state when the comparison of generic elements inside sift_up or sift_down_range panics. This bug leads to a drop of zeroed memory as an arbitrary type, which can result in a memory ...
CVE-2020-36317
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, String::retain() function has a panic safety problem. It allows creation of a non-UTF-8 Rust string when the provided closure panics. This bug could result in a memory safety violation when other string APIs assume that UTF-8 encoding is used on the sam...
CVE-2020-36318
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.49.0, VecDeque::make_contiguous has a bug that pops the same element more than once under certain condition. This bug could result in a use-after-free or double free.
CVE-2021-28875
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.50.0, read_to_end() does not validate the return value from Read in an unsafe context. This bug could lead to a buffer overflow.
CVE-2021-28876
PUBLISHED: 2021-04-11
In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety r...