Connecting devices, people, and systems has particularly strong impacts in the healthcare industry. Up-to-the-second information can mean the difference between life and death for patients, and the potential applications of connected technology to improve care are endless. Improving healthcare through new IoT technologies could provide plenty of benefits to customers, but also to providers: Harbor Research predicts that connected devices will drive nearly $47 billion in revenues in healthcare revenue by 2020.
But as in the digitization of any industry, the same connectivity—that is, networked processes, services and devices—that drives significant value simultaneously heightens security and privacy risks.
To illustrate the splintering value and vulnerability inherent across many potential healthcare applications, let’s look at one example of a single connected machine.
IoT Security in Healthcare: MRI Machine
Consider a magnetic resonance imaging (MRI) machine, for example. This one piece of equipment generates and collects enormous amounts of valuable data. not just about the patients it scans, but also about its own performance, that can benefit patients, healthcare providers, and manufacturers.
For instance, temperature, vibration, or other sensor readings can indicate possible malfunction or threat of downtime, while external sensors placed around the room monitor the machine environment and help track patient and provider activity in the space..The knowledge that the machine is about to go down or needs a replacement part can help hospitals order new parts before they break or pre-emptively send a maintenance team to assess problems. Administrators are then able to schedule appointments around planned fixes, saving patients’ and doctors’ time and hassle.
Then there are the very scans that MRI machines conduct, which produce and transmit highly sensitive, extremely private patient information to doctors and radiologists. Digitizing these images and their delivery to patients and their caregivers speeds up diagnostic process and enables easier collaboration, resulting in better care.
Exhibit I: MRI Data Flows Across Devices, Processes, Services, and Stakeholders
Despite significant improvements in value, performance, downtime prevention, and patient and caregiver experience, the transmission of all of this information is also a risk. Data flowing from machine to manufacturer, back to the hospital administration, out to doctors’ offices, into consumer apps, and other cloud-based software and storage services are all susceptible to interception and manipulation. Harbor Research’s latest paper, Security for the Internet of Things, outlines the critical areas and recommended steps companies must follow to best secure new devices and data flows.
In the case of the MRI machine, the first step is to recognize the many parties and stakeholders who collect, share, receive, or store the data. Medical environments are complex and unique to each customer, so providers may need to tweak their solutions based on those differences.
Next, organizations myst apply the five key functions of security—identity, access and user management, encryption, analytics, and network security— across the many possible end points and channels involved. Encrypting patient record data, using identity management to verify whose accessing a viewing workstation, or segmenting network traffic between the hospital’s billing system and equipment data, are just a few examples.
Finally, solution providers must understand that even a long-lived machine needs upkeep and will eventually require retirement. This demands that processes are in place to make sure that no errant information escapes into the wrong hands. From the very beginning of a solution’s design cycle, technology suppliers and IoT adopters must continuously reassess each of the three steps to meet new security challenges as they unfold.
The following exhibit illustrates the three critical steps organizations must follow (and continually optimize!) by assessing the broad threat landscape, applying a multi-faceted approach to security, and defining lifecycle controls.
Exhibit II: Three Steps to Holistically Address IoT Security
Whether manufacturer, hospital, service provider, every organization applying and leveraging connectivity to their products and services must assess security in a new light. Although these steps provide a solid foundation for an initial IoT solution, the truth is that security is a constantly evolving challenge. What works today will be outdated and useless tomorrow as ever-more-innovative hackers and threats emerge. Even with the best intentions, many security safeguards are not impenetrable. Instead, solution providers and IoT adopters should apply these steps to achieve the strongest possible protections today, while continuously re-evaluating against threats of tomorrow.
To Achieve Full Value Potential, Connected Healthcare Solutions Require a New Approach to Security
The Internet of Things presents profound opportunities and threats for healthcare services and delivery. Security and privacy are vital in this industry where uniquely personal and sensitive information is commonplace and potential consequences of medical errors are severe. Unauthorized access to patient health records, implanted medical devices, and other equipment can have devastating, even fatal impacts. Perhaps more so than any other sector, to realize the value of IoT in healthcare is to realize the imperative to embrace a new approach to security.
Increasing and improving collaboration across all stakeholders, from patients and their families to doctors to insurance providers, holds great promise for improving the lives of people around the world. Delivering these solutions and their benefits ultimately requires more than connectivity: it requires trust, safety, value, utility, and an underlying support structure for ongoing privacy and security protections.