One of the significant benefits of telemedicine is immediate remote access to medication in life-threatening situations. Pacemakers that doctors can remotely monitor and maintain to identify problems before a heart attack occurs, and insulin pumps that can be adjusted wirelessly, giving a patient more control and better care, are already a reality. According to the Mayo Clinic, robotic surgeries allow doctors to perform many types of complex procedures with more precision, flexibility and control than is possible with conventional techniques.
Imagine a doctor conducting surgery on a patient with a surgical robot remotely, without being present other than sending the instructions to the robot securely. That is the telemedicine of tomorrow powered by the Internet of Things (IoT) and smart medical devices. Internet of Medical Things (IoMT) or Healthcare IoT has the potential to disrupt the healthcare industry for patient care/safety, cost savings and operational efficiency.
In this and in an accompanying blog written by Juan Asenjo from our partner nCipher Security, we discuss the security and safety challenges involved in deploying the smart medical devices, from surgical robots to embedded insulin pumps and pacemakers.
So far, the cybersecurity model evolved as an afterthought, heavily focused on detect and respond methods more than prevent and protect methods. Everyone knows that there are shortcomings in today’s cybersecurity landscape, hence why security breaches are on the rise irrespective of technology advancements, and billions of dollars invested. The current IT security models continue to fail, and still focus on data losses and access to services, rather than the safety issue. IoT and IoMT is about safety and economic issues.
In August 2017, The FDA announced the first-ever recall of a medical device (a pacemaker) due to cyber risk. In July 2015, the FDA issued an alert highlighting cyber risks related to infusion pumps.
To ensure the safety of patients and protect the privacy and integrity of the data, the FDA released a new guidance that addresses the steps manufacturers must follow in order to protect smart medical devices and data against cyberattacks.
IoMT is calling for a new security model with a Secure by Design approach, from the very beginning based on a Root of Trust.
The security for smart medical devices and the broader ecosystem starts with the right foundation of trust based on verifiable device identities through a robust public key infrastructure (PKI). The typical steps involved in securing a medical device are:
The unique need for healthcare or for any security conscious smart device is the ability to couple the Device Trust and Data Trust. If the device and data it collects can’t be trusted, there is no point in wasting resources collecting it, analyzing it and worst of all, making decisions and sending the wrong controls. Imagine if a doctor or clinician adjusts the wrong dose of medication to connected healthcare device?
Device Authority and our partner nCipher Security are helping secure medical devices. Our joint Healthcare IoT Security Blueprint provides the requirements, components and guidelines for secure and safe deployment of IoT technologies in healthcare. As a leading provider of secure identity and access management solutions, Device Authority enables end-to-end security architectures that scale to meet today’s demands. The KeyScaler Platform provides trust for medical and other IoT devices using breakthrough Dynamic Device Key Generation (DDKG) and PKI Signature+ technology. Integrating with nCipher’s nShield Hardware Security Modules (HSMs), the combined solution protects and manages critical cryptographic keys that form the root of trust for the entire ecosystem.
To learn more about securing connected medical devices, including how to design and deploy scalable credential management systems with a root of trust, register here for our joint webinar on 19 February: “Cyber Security vs. Cyber Safety – Are Medical Devices Secure and Patients Safe?”
If you want to reach me for further discussion, contact me on Twitter @raocherukuri.
Please wait while you are redirected to the right page...