Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Partner Perspectives  Connecting marketers to our tech communities.
3/24/2015
11:06 AM
Pat Calhoun
Pat Calhoun
Partner Perspectives
50%
50%

Networked Healthcare: Connecting You, Your Devices, and Your Health Practitioners

Technology developers and policy makers must work closer with the security sector to ensure that innovation leads to real enablement, not cybercrime.

Healthcare is inherently a service of data and networking. Patients convey information to doctors, general practitioners consult with specialists, healthcare teams develop and execute treatment plans, pharmacists review and fill prescriptions, and patients research and communicate with peers. Improving the efficiency of this network with connected technologies can improve healthcare outcomes and quality of life, while reducing costs. It can also expose intensely personal data and devices to privacy breaches and disruption.

Networked devices and healthcare are already improving quality of life for millions. Wearable fitness technology prompts us to do more exercise and monitor what we are eating. Implanted devices dispense insulin, prevent hear fibrillations, and manage pain. Online monitoring improves patient compliance with medication and reduces hospital visits. Almost 50% of healthcare providers have integrated consumer or operational technologies into their IT systems, and continued deployments could result in $63 billion in global healthcare savings over the next 15 years.

However, widespread technology adoption is making the sector a bigger target to those looking to exploit it. Already, data security attacks are increasingly targeting healthcare payers and providers, with a 60% increase from 2013 to 2014. A report that we recently sponsored, The Healthcare Internet of Things: Rewards and Risks, explores the security challenges and societal opportunities for networked medical devices. These devices may be wearable, temporarily ingested, or even embedded in the human body for medical treatment, medication, and general health and wellness. The report makes recommendations for the industry, regulators, and the medical profession to maximize the value to patients while minimizing the security challenges originating in software, firmware, and communications technology across networks and devices.

Serious Risks Require Serious Attention

The big risks to networked healthcare are personal data theft, device tampering, widespread disruption, and accidental failure. Security cannot be a bolt-on for networked healthcare and devices. It needs to be built into the ecosystem, from device to network and from communications to data center. A health network that is connected to the Internet for email, to a supplier via private network, or to patient devices exposes the whole ecosystem to network-based risks. Relying solely on traditional firewall techniques of blocking traffic or shutting down ports is insufficient and may even be counter-productive if they restrict access to information, isolate critical devices, or interrupt service delivery.

Securing healthcare networks requires management tools with the capability to inspect traffic, apply security policies, and monitor activity. Data must be appropriately protected, whether it is operational, financial, or personal. Devices and personnel need to communicate securely with each other, and encryption helps protect data in transit and at rest. User authentication and identity verification tools are needed so that both devices and people can identify the appropriate trust level of the relationship. Updates and deployments cannot disrupt essential networks and the life-critical devices they support, with a minimal impact on staffing, support levels, and costs.

One high-profile security breach could discourage the adoption of networked healthcare and its associated benefits for a decade or more. With the value of stolen healthcare data on the black market rocketing, we’re calling for technology developers and policy makers to work closer with the security sector to ensure that innovation leads to real enablement, not to opening another door to cybercrime.

Pat Calhoun is Senior Vice President & General Manager, Network Security at Intel Security and responsible for defining and executing the strategic direction for McAfee's Network Security business. Calhoun leads the engineering, marketing, and sales functions that drive ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
Edge-DRsplash-10-edge-articles
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
News
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Commentary
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: What Virtual Reality phishing attacks will look like in 2030.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-21652
PUBLISHED: 2021-05-11
A cross-site request forgery (CSRF) vulnerability in Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins.
CVE-2021-21653
PUBLISHED: 2021-05-11
Jenkins Xray - Test Management for Jira Plugin 2.4.0 and earlier does not perform a permission check in an HTTP endpoint, allowing with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
CVE-2021-21654
PUBLISHED: 2021-05-11
Jenkins P4 Plugin 1.11.4 and earlier does not perform permission checks in multiple HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2021-21655
PUBLISHED: 2021-05-11
A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attacker-specified Perforce server using attacker-specified username and password.
CVE-2021-21656
PUBLISHED: 2021-05-11
Jenkins Xcode integration Plugin 2.0.14 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.