Security is needed to underpin healthcare IoT
It’s impossible to deny the IoT explosion happening today. Across a wide range of industries – automotive, manufacturing, homes, transportation, to name just a few – we’ve seen a rapid expansion and adoption of IoT devices. By 2020, just two years from now, we’ll be looking at an annual market with an estimated value of more than $260 billion [1].
Bluetooth Low Energy,
Dialog Semiconductor plc
It is notable that according to this source, the things themselves will be less than one fifth of the value but that is still approximately $50 billion of annual spending.
In the health and medical world, the influence and adoption of IoT devices will have – and in fact, is already having – a profound effect on our own personal, individual well-being. Heart monitors, connected pacemakers, health and wellness wearables, glucose monitors, blood pressure monitors, smart inhalers – these are a just few of the innovations changing how medical care is administered and tracked in a hyper-connected world.
But, in the rush to overhaul the healthcare landscape with innovative and exciting technologies, it’s important that the developers of these IoT devices are not overlooking fundamental security that could be as detrimental as the devices themselves are hoped to be beneficial.
Command and control
Any product, regardless of whether or not it’s an IoT device, hits the market with potential concerns about product failure and vendor and manufacturer liability for that failure. That’s nothing new. But, what is new is the acute level of risk that vulnerabilities in IoT devices, particularly healthcare IoT devices, present to their users – be it patients, doctors, administrators or anyone in between.
Next: Recall
Design vulnerabilities in these devices may provide backdoor entry points for malicious actors to take over these devices – in other words, command and control. These fears were best brought to light in 2017, when the United States’ Food and Drug Administration recalled over 500,000 pacemakers [2] over the threat of command and control vulnerabilities and other lax cybersecurity protection that could have left patients with pacemakers with a critically dangerous vulnerability to hackers.
Data hacking and harvesting
Command and control is not the only risk facing the security of IoT healthcare devices. The overall threat of data hacking and harvesting raises many of the same fears, in addition to more broad concerns about user privacy standards and expectations.
The recently revealed Spectre and Meltdown vulnerabilities [3] very publicly crystallized these fears.
Connected healthcare IoT devices may be running operating systems on processors that were vulnerable to the Spectre and Meltdown exploits. Even worse, they may be just as vulnerable to similar future attacks that can and likely will occur at some point down the line. These attacks would be troubling enough on their own. But, the fact that healthcare IoT devices – and the patient data they collect and use – exist in a shared infrastructure only raises the risks and stakes that come with sensitive information leaks, privacy breaches and illicit data harvesting.
Making device security a priority for healthcare IoT
I don’t want to sound overly doom-and-gloom about this. The fact is, IoT can do, and is doing, a lot of good in the healthcare space, and these innovations and positive outcomes – for doctors, patients, researchers, administrators, everyone across the board – will only continue to grow in the years ahead. But, at the same time, we need to be honest about the two sides to this coin, and that the other side boasts a serious level of security risks.
Being honest about those risks also means doing something about them, too, and luckily, we have the power to do just that. IoT developers and engineers can tackle these security and privacy concerns head on by prioritizing device designs that integrate components with built-in, cybersecurity protections.
Next: All the crypto
Cryptographic algorithms, hashing functions, random number generators and secure key storage and management are just a few of the key security hardware blocks to look for in IoT System-On-Chips. Manufacturers must emphasize these and other solutions in their IoT device designs to ensure a more robust level of cybersecurity that can keep up with the threats that our healthcare devices may face at any given time.
At the same time, we can’t think of this as a problem with just a hardware solution; there is a software side to this equation we have to consider, too. Developers must guarantee they’re overlaying software that uses this hardware architecture to deliver secure services like secure booting, software authentication and data encryption. These services are critical for applications to protect themselves from security risks. While the hardware security blocks are important, too, without this layer of software protection layered on top of them, then the hardware is just wasted silicon.
The IoT is paving the way to a bright future in healthcare, where hyper-connected devices can help to improve patient care outcomes, provide cutting-edge tools for doctors and streamline patient data collection. But, the flip side of this coin is a new level of security and privacy risks. Developers can’t anticipate every future security threat on the horizon, but they have to begin integrating software and hardware security features into their device designs now in order to stave off as many of these potential risks as possible.
Mark de Clercq is director of Bluetooth Low Energy at fabless chip supplier Dialog Semiconductor plc
[1] Forbes article referencing Boston Consulting Group
[2] Guardian report August 31, 2017
[3] Intel produces white paper, benchmark on Meltdown, Spectre
Related links and articles:
News articles:
Dialog releases first fruits of Silego acquisition
Dialog applies Bluetooth Low Energy to tyre pressure monitoring
Dialog provides Bluetooth 5 chip with microphone interface
If you enjoyed this article, you will like the following ones: don't miss them by subscribing to :
