Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Connected medical device makers need to step up security

Thor Olavsrud | Aug. 3, 2016
The internet of things (IoT) shows huge promise in the healthcare sector, but there are serious security implications. Device manufacturers need to do more to secure devices and hospital CIOs need to demand better security.

medical devices

The healthcare industry is adopting internet of things (IoT) devices at a rapid rate. But while the value of connected devices in the medical sphere is becoming increasingly clear, device makers and hospitals need to step up their game in a big way when it comes to security.

Management consulting firm McKinsey & Company estimates that by 2025, just the remote monitoring enabled by IoT medical devices could create as much as $1.1 trillion a year in value by improving the health of chronic-disease patients.

Connected glucometers, blood pressure cuffs and similar devices can collect all sorts of vital sign data on patients automatically, allowing nurses and doctors in the hospital setting to respond early and quickly to patient needs. Devices like connected infusion pumps that deliver precise dosages of drugs can respond to changing conditions as needed. In-home medical devices can allow hospitals to discharge patients from hospitals sooner, while still monitoring patients' conditions.

But healthcare IoT isn't limited to medical device integration. It will play a role in inventory management — particularly in areas like pharmacy. It will also have a dramatic effect on workflow optimization. For instance, RFID tags in wrist bands and ID badges could help a hospital better understand the flow of people through their facilities.

"When you're using connected devices, it makes it a lot easier for doctors and nurses to enter patient information into patient health records," says Vlad Gostomelsky, a network security professional and managing consultant with Spirent Communications, a specialist in network, device and services testing.

That's important, because as of October of last year, the U.S. Department of Health and Human Services has mandated that U.S. healthcare providers use ICD-10-CM, a new and much more detailed version of the International Statistical Classification of Diseases and Related Health Problems (ICD), which is a medical classification list by the World Health Organization (WHO). The new codes can tell healthcare professionals whether a patient was bitten by a squirrel (W53.21XA), struck by lightning once (T75.01XA) or even struck by lightning a second time (T75.01XD).

The idea is to create much more granular data that allow researchers to better understand trends and outbreaks. It could be scientists seeking to understand the pattern of an infectious disease or researchers looking for patterns of injury with regard to particular products.

The thieves are watching

The uses of such data are myriad. But the data is also extremely sensitive and  valuable to thieves. In the case of devices like infusion pumps or pacemakers and implantable defibrillators, the consequence of a security vulnerability could be deadly. Other data can be used for identity theft or even blackmail.


1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.