HackDig : Dig high-quality web security articles for hackers

A View From HIMSS 2015 - The Third Vector of a Healthcare Cyber Attack

2015-04-17 01:35

Recently, I wrote about the three vectors of a healthcare cyber attack. This is the third of a three-part series examining each vector in depth with some new perspectives here at HIMSS.

Recently, I’ve been writing about the three vectors of a healthcare cyber attack. Last week, I introduced the idea of the Internet of Medical Things when I talked about connected medical devices. These devices sit in hospitals and doctors’ offices, clinics and nursing homes. They range from IV pumps to CT scanners. They are, however, just the tip of the iceberg as the Internet of Things truly goes mainstream and healthcare applications begin taking advantage of emerging IoT technologies.

Today, though, I’m at HIMSS and I’m struck by the focus on population health. This will be a significant driver for the expansion of the Internet of Medical Things into patient homes and personal healthcare devices. Bringing this kind of technology closer to the patient is a powerful opportunity to accomplish several goals in healthcare:

  • Enabling proactive management of disease and medical conditions, both from an epidemiological perspective with big data collected from large numbers of patients and from active, home-based patient monitoring
  • Reducing costs and improving quality of life by keeping patients in their homes longer
  • Creating opportunities for patients to be more aware of their own health and fitness with active feedback from apps and wearables
  • Increasing medication compliance through automated delivery or easy reminders
  • Expanding access to state-of-the-art care in underserved areas

All of this adds up to what we often call transformed care. Whether it’s an app on a smartphone, a home monitoring device, or the latest wearable, the consumer side of the Internet of Medical Things is opening new doors for personal health and healthcare delivery. This is the good news and if what we’re seeing at HIMSS this year is any indication, this entire market is set for solid growth.

To understand the magnitude of the threat, let’s take a step back and look more closely at the types of devices and applications that are involved personal and home health. On the consumer side of things, many of these devices are focused on fitness, tracking our movements, sleep patterns and more. As the technology matures, we’ll see consumer applications grow. Apple HealthKit gives us a preview of what’s to come, as developers begin taking advantage of the technology we keep in our pockets and wear on our wrists.

Beyond consumer apps and devices, we’re already seeing big data and predictive analytics applied to proactive monitoring for elderly patients, allowing doctors to intervene based on data from wearables in certain populations. Many devices like pulse oximeters and blood pressure monitors connect chronically ill patients at home to their healthcare providers. Glucose level monitors automatically upload data to health information systems for diabetic patients while children with issues like ADHD can continually monitor and report symptoms while their doctors titrate medications. Clinical trials as well are now beginning to collect data in real time, both through patient self-report and automated monitoring devices.

Even increasing access to patient portals with healthcare providers falls under the umbrella of home health care and opens yet another hole in the already tenuous security in place around protected health information. Telemedicine can connect patients in rural areas to experienced physicians and first responders are now using tablets to allow emergency room doctors to assess patients without costly ambulance rides and visits to emergency rooms.

In all of these cases, countless bits of sensitive patient data are flying across the public Internet, apps are interfacing with cloud-based systems, and various point solutions are collecting and transmitting data with dubious security provisions.

For consumer-focused Medical Things, improving security is fairly straightforward: apps and devices need to be designed with security baked into the software and the APIs that let them connect to cloud-based systems. This is easier said than done, as many products are designed for convenience or whiz-bang features rather than security, but security simply must be top of mind as more of these devices and apps come to market.

For the home healthcare market, though, it’s time that we made a more fundamental shift in the way we think about security. Yes, devices and apps in this patient-focused environment also need to be developed with a close eye on security. But patient homes can no longer be treated merely as homes with some additional technology thrown in for healthcare purposes. Instead, we need to think of them in the same way we might think of branch offices and secure them accordingly. Secure, successful implementation of home-based healthcare requires a degree of infrastructure that simply isn’t present in most homes.

Hospital network administrators wouldn’t generally connect a satellite clinic to critical hospital systems without some additional layers of security and the same should be true for the newest branch offices - patient homes. Although this doesn’t necessarily mean that every patient needs a firewall in their home, network administrators should be able to ensure secure connections and threat detection capabilities for traffic coming from home healthcare devices. Without such protections, home-based connected equipment will become open doors for hackers looking for access to high-value healthcare data.

Source: kcatta-rebyc-erachtlaeh-a-fo-rotcev-driht-eht-5102-ssmih-morf-weiv-a/tsop/moc.tenitrof.golb

Read:5215 | Comments:0 | Tags:No Tag

“A View From HIMSS 2015 - The Third Vector of a Healthcare Cyber Attack”0 Comments

Submit A Comment



Blog :

Verification Code:


Tag Cloud