Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/24/2015
11:06 AM
Pat Calhoun
Pat Calhoun
Partner Perspectives
50%
50%

Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners

Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.

Healthcare is inherently a service of data and networking. Patients convey information to doctors, general practitioners consult with specialists, healthcare teams develop and execute treatment plans, pharmacists review and fill prescriptions, and patients research and communicate with peers. Improving the efficiency of this network with connected technologies can improve healthcare outcomes and quality of life, while reducing costs. It can also expose intensely personal data and devices to privacy breaches and disruption.

Networked devices and healthcare are already improving quality of life for millions. Wearable fitness technology prompts us to do more exercise and monitor what we are eating. Implanted devices dispense insulin, prevent hear fibrillations, and manage pain. Online monitoring improves patient compliance with medication and reduces hospital visits. Almost 50% of healthcare providers have integrated consumer or operational technologies into their IT systems, and continued deployments could result in $63 billion in global healthcare savings over the next 15 years.

However, widespread technology adoption is making the sector a bigger target to those looking to exploit it. Already, data security attacks are increasingly targeting healthcare payers and providers, with a 60% increase from 2013 to 2014. A report that we recently sponsored, The Healthcare Internet of Things: Rewards and Risks, explores the security challenges and societal opportunities for networked medical devices. These devices may be wearable, temporarily ingested, or even embedded in the human body for medical treatment, medication, and general health and wellness. The report makes recommendations for the industry, regulators, and the medical profession to maximize the value to patients while minimizing the security challenges originating in software, firmware, and communications technology across networks and devices.

Serious Risks Require Serious Attention

The big risks to networked healthcare are personal data theft, device tampering, widespread disruption, and accidental failure. Security cannot be a bolt-on for networked healthcare and devices. It needs to be built into the ecosystem, from device to network and from communications to data center. A health network that is connected to the Internet for email, to a supplier via private network, or to patient devices exposes the whole ecosystem to network-based risks. Relying solely on traditional firewall techniques of blocking traffic or shutting down ports is insufficient and may even be counter-productive if they restrict access to information, isolate critical devices, or interrupt service delivery.

Securing healthcare networks requires management tools with the capability to inspect traffic, apply security policies, and monitor activity. Data must be appropriately protected, whether it is operational, financial, or personal. Devices and personnel need to communicate securely with each other, and encryption helps protect data in transit and at rest. User authentication and identity verification tools are needed so that both devices and people can identify the appropriate trust level of the relationship. Updates and deployments cannot disrupt essential networks and the life-critical devices they support, with a minimal impact on staffing, support levels, and costs.

One high-profile security breach could discourage the adoption of networked healthcare and its associated benefits for a decade or more. With the value of stolen healthcare data on the black market rocketing, we’re calling for technology developers and policy makers to work closer with the security sector to ensure that innovation leads to real enablement, not to opening another door to cybercrime.

Pat Calhoun is Senior Vice President & General Manager, Network Security at Intel Security and responsible for defining and executing the strategic direction for McAfee's Network Security business. Calhoun leads the engineering, marketing, and sales functions that drive ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-37625
PUBLISHED: 2021-08-05
Skytable is an open source NoSQL database. In versions prior to 0.6.4 an incorrect check of return value of the accept function in the run-loop for a TCP socket/TLS socket/TCP+TLS multi-socket causes an early exit from the run loop that should continue infinitely unless terminated by a local user, e...
CVE-2020-22732
PUBLISHED: 2021-08-05
CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker..
CVE-2021-37604
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being validated/updated prior to message authentication.
CVE-2021-37605
PUBLISHED: 2021-08-05
In the Microchip MiWi v6.5 software stack, there is a possibility of frame counters being being validated / updated prior to message authentication.
CVE-2021-38138
PUBLISHED: 2021-08-05
OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.