The Internet of Medical Things (IoMT)
We deliver trustworthy security for connected medical devices to prevent malicious attacks, protect patient privacy and ensure patient safety, while also protecting your brand and reputation.
Mobility of patient care with safety in mind
Patients with respiratory disorders can safely and securely manage their oxygen treatment anywhere and at any time with the GCE Group’s portable oxygen concentrator, Zen-O.
Smart connectivity in medical devices heightens security and privacy risks
The Internet of Medical Things (IoMT) is transforming how we keep people safe and healthy, especially as the demand for solutions to lower healthcare costs increases in the coming years. The IoMT can help monitor, inform and notify caregivers, and can also provide healthcare providers with actual data to identify issues before they become critical or to allow for earlier intervention.
Connecting devices, people, and systems has particularly strong impacts in the healthcare industry. Up-to-the-second information can mean the difference between life and death for patients, and the potential applications of connected technology to improve care are endless. Pacemakers that doctors can remotely monitor and maintain to identify problems before a heart attack, and insulin pumps that can be adjusted wirelessly, giving a patient more control and better care, are already a reality.
As in the digitization of any industry, the same connectivity that drives significant value simultaneously heightens security and privacy risks. The main threats fall into two categories:
Personal Data Theft
Hackers can access medical and financial information through IoT devices
Vulnerabilities in a networked medical device pose obvious privacy risks, since these devices access patients’ most personal biological data. Hackers may use connected medical devices to steal patients’ data for identity theft, targeted blackmailing, buying drugs or medical equipment to resell and filing fraudulent insurance claims. Additionally, if these devices interface with medical billing records, then patients risk losing both medical and financial information.
Intentional Disruption and Device Tampering
Cyber terrorists can close down entire hospital systems and immobilize services and medical devices
Intentional disruption and cyber terrorism pose significant risks, because networked medical devices face the same technological vulnerabilities as any other networked technology. Security vulnerabilities have been discovered in pacemakers, defibrillators, and diabetes insulin pumps. These devices are meant to communicate with the management server only, but have been found to broadcast signals out onto the Internet, breaching security protocols.
To cite an example, Johnson & Johnson’s insulin pump turned out to be highly vulnerable due to the unencrypted wireless connection between the remote and the pump, giving hackers a chance to easily apply their malicious techniques: triggering unauthorised insulin injections and accessing the entire hospital system to immobilise services and cause panic and chaos.
To realize the value of IoT in healthcare and medical devices, we require a new approach to security
Device Authority’s KeyScaler™ platform uses unique patented Dynamic Device Key Generation (DDKG) and PKI Signature+ technology to address the challenges of IoT in healthcare, in particular for medical devices.
- Device Trust – Identity & Authentication: KeyScaler provides a strong root of trust, secures the medical devices’ identity and offers an automated approach for registering and authenticating devices at IoT scale. Whether in a hospital or pharmaceutical company, these measures protect sensitive patient data and other information exchanged among a wide range of devices – from smartphones to tablets, to large surgical robots or any other device that leverages standard digital certificate protocols.
- Data Trust – Privacy & Encryption: To minimize the risk of data breaches and avoid negative outcomes like those in Johnson & Johnson’s insulin pump case, data is encrypted from the medical device, stays encrypted in transit and persists encrypted at rest in the IoT platform, all defined and controlled by policy and the customer. All medical data is transferred in a way that is agnostic to the network architecture or communications used, maintaining the privacy of medical data.
Device Authority’s core security solution for medical devices delivers a number of benefits including:
- Ensures patient safety
- Enables compliance and manages risk for the evolving healthcare regulatory landscape including: HIPAA, HITECH and Digital Data Shredding of Protected Health Information
- Ensures patient data confidentiality – you can’t trust the data if you can’t trust the device
- Supports patient duty of care for both the healthcare institution and practitioner
- Protects the healthcare or pharmaceutical organization's brand integrity and reputation
Have a Question?
Interested in learning more about security and privacy for your medical devices? Schedule a 20-minute online meeting with a medical IoT security specialist to discuss your individual requirements.