Dark Reading is part of the Informa Tech Division of Informa PLC

Lorie Wigle
Partner Perspectives

The Promises And Perils Of The Healthcare Internet Of Things

Connected devices are working wonders for managing treatment, but their integration with consumer technology and cloud computing raises significant security issues.

What has been happening over the past week or month with your blood pressure, heart rate, glucose level, respiration, or oxygen levels? How much and what type of exercise do you do, and what effect is it having? While the answers to these questions may not be on the tip of your tongue, wearable medical technologies can monitor, store, and transmit this data, providing your healthcare team with more granular information than they have ever had outside of a hospital. These and other connected healthcare devices are improving diagnosis, treatment, and quality of life, while reducing costs.

How much do you weigh? What do you eat? What medications are you taking? What diseases or conditions do you have? Medical information is also one of the most personal and private aspects of our society. While it is important for your healthcare professionals to know these things, it is equally important to keep them private from those who may use the information to take advantage of or discriminate against you.

Tiny devices that can be worn, implanted, or even ingested are being invented at an accelerating pace. And they are not just monitoring, but taking an active role in managing a long list of things, including hearts, pain, insulin, and seizures. These devices are working wonders for managing treatment and quality of life outside of hospitals. But their connectivity and integration with consumer technology and cloud computing raise significant security issues. The biggest concerns are privacy violations and intentional disruptions, and one high-profile security incident could discourage adoption for decades.

Personal medical information is valuable to cyber criminals. While stealing credit card numbers is big business, the stolen card has no value once it is reported stolen. Stolen medical data, on the other hand, can be sold for insurance fraud repeatedly and can continue to add value for years. And we can only imagine what other unethical and illegal uses criminals could come up with.

Security By Design

Managing and reducing these security concerns requires a change in how we design, develop, and regulate connected healthcare devices. The first step is a focus on security by design, making upfront investments that will pay back benefits to the device manufacturers and the healthcare community for years. Sharing best practices and building shared or open-source libraries of common functions would go a long way to quickly improving security across the industry.

Then we need better collaboration among vendors, medical practitioners, and regulators to openly discuss and resolve issues, enable innovation and effectiveness, and safeguard the public interest. Regulators themselves need to review the approval process, taking into consideration the pace of technological change and the cloud nature of data that crosses national and corporate borders, while continuing to protect patients. Finally, we need to learn from social media and customer-centric design, listening better to the voices of the patients and families involved and incorporating their feedback.

Connected healthcare devices deliver highly personal benefits, embedding the Internet into medical processes. With these tools, we are already seeing improved medical outcomes, better quality of life, and lower healthcare costs, and we are just at the beginning of this transformation. Incorporating security by design, increasing collaboration, and evolving the regulatory process will ensure these benefits are not lost to cybercrime and security breaches.

For more information on the topic, check out the Atlantic Council's recent report, "The Healthcare Internet of Things: Rewards and Risks."

Lorie Wigle is building a new business focused on securing critical infrastructure and IoT more broadly at Intel subsidiary McAfee. Lorie has been with Intel for nearly 30 years in a wide variety of marketing and technical roles. She has an MBA from Portland State University ...
User Rank: Strategist
6/18/2015 | 2:25:48 PM
Re: Scare tactics

As far as scary goes...I'd say it's serious but not scary, because unlike the horror movie, we know exactly what to do about it. 

Hope that no one thinks this is a call to do nothing and wait until everything is perfect. In fact, it's quite the opposite, as doing nothing about security is part of the problem today. No one should be waiting to employ best security practices: the technologies already exist today to address these serious risks. Employing them doesn't get in the way of using the Healthcare Internet of Things. Hardening the device can be as straightforward as providing for immutable device identity, a secure boot and application whitelisting. Failure to adopt security will lead to distrust of the Healthcare IoT and get in the way of its adoption. There is no reason to wait.


User Rank: Apprentice
6/12/2015 | 11:54:04 AM
Scare tactics
"The Sky is Falling. The Sky is Falling." Isn't that what the umbrella salesman says?

While the article did mention some of the benefits of Healthcare Internet of Things, the overall tone was to make this a very scary place, discouraging use of these technologies until all is perfect. Just consider the source.