Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/24/2015
11:06 AM
Pat Calhoun
Pat Calhoun
Partner Perspectives
50%
50%

Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners

Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.

Healthcare is inherently a service of data and networking. Patients convey information to doctors, general practitioners consult with specialists, healthcare teams develop and execute treatment plans, pharmacists review and fill prescriptions, and patients research and communicate with peers. Improving the efficiency of this network with connected technologies can improve healthcare outcomes and quality of life, while reducing costs. It can also expose intensely personal data and devices to privacy breaches and disruption.

Networked devices and healthcare are already improving quality of life for millions. Wearable fitness technology prompts us to do more exercise and monitor what we are eating. Implanted devices dispense insulin, prevent hear fibrillations, and manage pain. Online monitoring improves patient compliance with medication and reduces hospital visits. Almost 50% of healthcare providers have integrated consumer or operational technologies into their IT systems, and continued deployments could result in $63 billion in global healthcare savings over the next 15 years.

However, widespread technology adoption is making the sector a bigger target to those looking to exploit it. Already, data security attacks are increasingly targeting healthcare payers and providers, with a 60% increase from 2013 to 2014. A report that we recently sponsored, The Healthcare Internet of Things: Rewards and Risks, explores the security challenges and societal opportunities for networked medical devices. These devices may be wearable, temporarily ingested, or even embedded in the human body for medical treatment, medication, and general health and wellness. The report makes recommendations for the industry, regulators, and the medical profession to maximize the value to patients while minimizing the security challenges originating in software, firmware, and communications technology across networks and devices.

Serious Risks Require Serious Attention

The big risks to networked healthcare are personal data theft, device tampering, widespread disruption, and accidental failure. Security cannot be a bolt-on for networked healthcare and devices. It needs to be built into the ecosystem, from device to network and from communications to data center. A health network that is connected to the Internet for email, to a supplier via private network, or to patient devices exposes the whole ecosystem to network-based risks. Relying solely on traditional firewall techniques of blocking traffic or shutting down ports is insufficient and may even be counter-productive if they restrict access to information, isolate critical devices, or interrupt service delivery.

Securing healthcare networks requires management tools with the capability to inspect traffic, apply security policies, and monitor activity. Data must be appropriately protected, whether it is operational, financial, or personal. Devices and personnel need to communicate securely with each other, and encryption helps protect data in transit and at rest. User authentication and identity verification tools are needed so that both devices and people can identify the appropriate trust level of the relationship. Updates and deployments cannot disrupt essential networks and the life-critical devices they support, with a minimal impact on staffing, support levels, and costs.

One high-profile security breach could discourage the adoption of networked healthcare and its associated benefits for a decade or more. With the value of stolen healthcare data on the black market rocketing, we’re calling for technology developers and policy makers to work closer with the security sector to ensure that innovation leads to real enablement, not to opening another door to cybercrime.

Pat Calhoun is Senior Vice President & General Manager, Network Security at Intel Security and responsible for defining and executing the strategic direction for McAfee's Network Security business. Calhoun leads the engineering, marketing, and sales functions that drive ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Google's new See No Evil policy......
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-31664
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 44741ff99f7a71df45420635b238b9c22093647a contains a buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-33185
PUBLISHED: 2021-06-18
SerenityOS contains a buffer overflow in the set_range test in TestBitmap which could allow attackers to obtain sensitive information.
CVE-2021-33186
PUBLISHED: 2021-06-18
SerenityOS in test-crypto.cpp contains a stack buffer overflow which could allow attackers to obtain sensitive information.
CVE-2021-31272
PUBLISHED: 2021-06-18
SerenityOS before commit 3844e8569689dd476064a0759d704bc64fb3ca2c contains a directory traversal vulnerability in tar/unzip that may lead to command execution or privilege escalation.
CVE-2021-31660
PUBLISHED: 2021-06-18
RIOT-OS 2021.01 before commit 85da504d2dc30188b89f44c3276fc5a25b31251f contains a buffer overflow which could allow attackers to obtain sensitive information.