Security Essential for IoT and Networked Medical Devices

Intel Security, Atlantic Council Report on Challenges, Opportunities of Healthcare Internet of Things

Networked medical devices linked to the Internet of Things (IoT) hold tremendous promise if security is built in from the outset, according to a new report released today by Intel Security and the Atlantic Council.

“Networked healthcare can make the Internet of Things very personal”

The Healthcare Internet of Things: Rewards and Risks explores security challenges and societal opportunities for networked medical devices, including those that are wearable, temporarily ingested or even embedded in the human body for medical treatment, medication, and general health and wellness. The report makes recommendations for the industry, regulators, and the medical profession to help them maximize the value to patients while minimizing the security challenges originating in software, firmware, and communications technology across networks and devices.

Networked medical devices may improve fitness, medical outcomes and quality of life. According to the report, one estimate of these technologies could save $63 billion in healthcare costs over 15 years with a 15-to-30 percent reduction in hospital equipment costs. However, the report finds the benefits of networked healthcare come with several main areas of concern: theft of personal information, intentional tampering with devices to cause harm, widespread disruption and accidental failures.

“Networked healthcare can make the Internet of Things very personal,” said Pat Calhoun, Senior Vice President and General Manager, Network Security at Intel Security. “When a networked medical device is connected to a person, the health information that can be exchanged may dramatically improve healthcare, but the consequences of privacy and network security intrusions are equally real. Security should be built into the whole healthcare ecosystem, from the device, to the network, to the data center.”

The report provides several recommendations intended to help foster innovation while reducing security risks, including:

• Security should be built into devices and the networks they use at the outset rather than as an afterthought.
• Industry and governments should consider implementing a comprehensive set of security standards or best practices for networked medical devices to address underlying risks.
• Private-private and public-private collaboration must continue to improve.
• The regulatory approval paradigm for medical devices may need to evolve in order to better incentivize innovations while enabling healthcare organizations to meet regulatory policy goals and protect the public interest.
• There must be an independent voice for the public, to ensure patients and their families have a voice, the goal being to strike a balance among effectiveness, usability, and security when the device is implemented and operated by consumers.