Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/24/2015
11:06 AM
Pat Calhoun
Pat Calhoun
Partner Perspectives
50%
50%

Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners

Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.

Healthcare is inherently a service of data and networking. Patients convey information to doctors, general practitioners consult with specialists, healthcare teams develop and execute treatment plans, pharmacists review and fill prescriptions, and patients research and communicate with peers. Improving the efficiency of this network with connected technologies can improve healthcare outcomes and quality of life, while reducing costs. It can also expose intensely personal data and devices to privacy breaches and disruption.

Networked devices and healthcare are already improving quality of life for millions. Wearable fitness technology prompts us to do more exercise and monitor what we are eating. Implanted devices dispense insulin, prevent hear fibrillations, and manage pain. Online monitoring improves patient compliance with medication and reduces hospital visits. Almost 50% of healthcare providers have integrated consumer or operational technologies into their IT systems, and continued deployments could result in $63 billion in global healthcare savings over the next 15 years.

However, widespread technology adoption is making the sector a bigger target to those looking to exploit it. Already, data security attacks are increasingly targeting healthcare payers and providers, with a 60% increase from 2013 to 2014. A report that we recently sponsored, The Healthcare Internet of Things: Rewards and Risks, explores the security challenges and societal opportunities for networked medical devices. These devices may be wearable, temporarily ingested, or even embedded in the human body for medical treatment, medication, and general health and wellness. The report makes recommendations for the industry, regulators, and the medical profession to maximize the value to patients while minimizing the security challenges originating in software, firmware, and communications technology across networks and devices.

Serious Risks Require Serious Attention

The big risks to networked healthcare are personal data theft, device tampering, widespread disruption, and accidental failure. Security cannot be a bolt-on for networked healthcare and devices. It needs to be built into the ecosystem, from device to network and from communications to data center. A health network that is connected to the Internet for email, to a supplier via private network, or to patient devices exposes the whole ecosystem to network-based risks. Relying solely on traditional firewall techniques of blocking traffic or shutting down ports is insufficient and may even be counter-productive if they restrict access to information, isolate critical devices, or interrupt service delivery.

Securing healthcare networks requires management tools with the capability to inspect traffic, apply security policies, and monitor activity. Data must be appropriately protected, whether it is operational, financial, or personal. Devices and personnel need to communicate securely with each other, and encryption helps protect data in transit and at rest. User authentication and identity verification tools are needed so that both devices and people can identify the appropriate trust level of the relationship. Updates and deployments cannot disrupt essential networks and the life-critical devices they support, with a minimal impact on staffing, support levels, and costs.

One high-profile security breach could discourage the adoption of networked healthcare and its associated benefits for a decade or more. With the value of stolen healthcare data on the black market rocketing, we’re calling for technology developers and policy makers to work closer with the security sector to ensure that innovation leads to real enablement, not to opening another door to cybercrime.

Pat Calhoun is Senior Vice President & General Manager, Network Security at Intel Security and responsible for defining and executing the strategic direction for McAfee's Network Security business. Calhoun leads the engineering, marketing, and sales functions that drive ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34812
PUBLISHED: 2021-06-18
Use of hard-coded credentials vulnerability in php component in Synology Calendar before 2.4.0-0761 allows remote attackers to obtain sensitive information via unspecified vectors.
CVE-2021-34808
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in cgi component in Synology Media Server before 1.8.3-2881 allows remote attackers to access intranet resources via unspecified vectors.
CVE-2021-34809
PUBLISHED: 2021-06-18
Improper neutralization of special elements used in a command ('Command Injection') vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34810
PUBLISHED: 2021-06-18
Improper privilege management vulnerability in cgi component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to execute arbitrary code via unspecified vectors.
CVE-2021-34811
PUBLISHED: 2021-06-18
Server-Side Request Forgery (SSRF) vulnerability in task management component in Synology Download Station before 3.8.16-3566 allows remote authenticated users to access intranet resources via unspecified vectors.