May 23, 2016

Healthcare IoT, Cloud and Security

What if an ambulance could process critical information about the patient before it arrives at the hospital, to allow for the patient to be examined before entering the hospital? What if the Equipment Manufacturer could accurately foresee the lifespan of life-saving equipment, dispatch an engineer, to proactively fix equipment before it fails?

The IoT Revolution in Healthcare

The IoT is set to revolutionize healthcare, transforming the way hospitals, clinics and other facilities operate with the aim to reduce costs and provide optimal patient care. Forbes estimates a $117 billion market for the Internet of Things in Healthcare by 2020.

All of this begins with data, ‘Big data’, a vast amount of data sourced from the ever-growing network of connected devices and sensors, which make up the Internet of Things. Take for example an Intensive Care Unit (ICU), which can take up to 2000 different data points per seconds per patient to make decisions. This data is rarely processed in real-time, nor collected for analysis.

Healthcare IT is often riddled with costly legacy systems and regulations, but the power of IoT and the massive opportunity which lies in the analysis and processing of “big data” may force hospitals to adopt cloud based solutions to keep cost of IT Infrastructure at a competitive level, with the ultimate goal of optimised patient care.

One of the primary obstacles in healthcare IoT, is data privacy and securityHow can hospitals and equipment vendors effectively harness and leverage the vast amounts of data sourced from devices and sensors located in ICUs, in a secure manner?

Intermediary message brokers, such as MQTT has found new life in the context of IoT due to its efficiency and fault tolerance. Embraced by Amazon AWS IoT and Microsoft Azure, the MQTT broker would in the context of the ICU allow equipment vendors to subscribe to data relevant to the performance of the medical equipment, whereas the hospital would subscribe to data relevant to the health of the patient. Analysis of this data would allow the different entities to take advantage of predictive treatment and maintenance, which could ultimately save a patient’s life.

The Security Challenge to IoT Adoption in Healthcare

One of the challenges around all of this is security, and how to persist it end-to-end, through third-party cloud offerings. How can this be implemented without spending large sums of money on qualified network security specialists? How can authentication be implemented without having to spend large sums of money on certificates, and PKI management? How can security be scaled to support the ever-expanding IoT?

This can be a daunting task for any security professional. For instance, traditional Transport Level Security (TLS) does not provide end-to-end security, but merely point-to-point, and If you do not own the network or the cloud infrastructure, there is no way to ensure that a secure connection is being properly utilised, which leaves sensitive patient health data at risk.

As the IoT eco system grows, so will the attack surfaces, paving the way for cyber criminals, whether it is governments, hackivists or even terrorists. The possibilities of medical device hacking made Dick Cheney turn off wireless capability on his pace maker, out of fear that someone, a terrorist perhaps, could manipulate it, to disrupt his heart beat.

The Solution to IoT Security Issues

What if a solution existed, where scalable authentication and end-to-end security could be offered out of the box. What if we could automatically generate certificate-less keys, bound to the ‘DNA’ of the device, eliminating the risks associated with traditional PKI security, such as certificate theft, cloning and spoofing.

What if we could have a solution, which did not require static certificates thus reducing costs associated with PKI and certificate management. What if we could selectively encrypt individual properties (pieces of data) to different HIPAA/NIST compliant AES encryption keys, and allocate these keys to authorized parties only, where the equipment vendor would never be given access to the hospital’s decryption key and vice versa.

Device Authority can offer all of the above, and more, through it’s powerful KeyScaler™ IoT security platform.

Contact us to discover more. You can also explore our insights, videos and webinars to learn more about our IoT security platform.

Frode Nilsen