Securing medical IoT layer by layer
Connected medical devices – wearables, ‘implantables’ or apps on consumer mobile devices – may change the way people seek out healthcare, interact with providers and receive care. But the transformative power, and broad acceptance, of the “Internet of Health Things” (IoHT) hinges on the ability of device makers, app makers and providers to keep data and devices secure against cyberattacks.
Those attacks can come in several forms, whether their goal is to interrupt device operations, steal personal data or manipulate data to create unwanted outcomes. This variety in the threat landscape makes end-to-end security across healthcare cloud networks, devices and the gateways that connect them the best and most complete defense against IoHT cyberattacks.
Cloud and apps
At the top layer, an IoHT cloud typically stores and analyses data sent from connected devices while also managing certain application parameters and access permissions. Without adequate cloud security, hackers could steal large volumes of personal data or disrupt proper functioning of IoHT platforms where health insights and care decisions are translated to providers and patients. They could also work backwards from the cloud to assume control over devices.
Effective security at the cloud level requires two actions on the part of healthcare organisations’ security teams: Data at rest in cloud databases and data transmitted out of the cloud must be encrypted. Going the other way, devices or users (doctors, patients, customer support teams, etc.) accessing cloud apps or data must be verified with strong authentication procedures.
Encryption in general is relatively accessible for any organisation today. Cloud service providers (CSPs) offer encryption services of varying strengths, depending on price point. IT administrators can have their CSP encrypt only data at rest, only data in transit, both or neither – though the last option is definitely not recommended.
Devices, gateways and apps may also feature their own encryption capabilities, so to keep costs and complexity in check, security teams will want to assess the ground cover provided by encryption at other parts of the IoHT stack before deciding on cloud encryption tools.
Where encryption protects this complex infrastructure of apps, devices, users and data from theft or malicious access, strong authentication procedures are needed to prevent fraudulent access or accidental data leakage from the cloud and the IoHT systems it supports. Organisations can simplify authentication security across the cloud, apps and devices from multiple vendors by instituting their own public key infrastructure (PKI) for creating, distributing and verifying digital signatures.
These signatures are generated by cryptographic processes, so each signature is unique. To limit energy costs and better protect the keys used to create and verify digital signatures, PKI processes are best carried out in dedicated, protected and optimised processing enclaves often called hardware security modules (HSMs). Despite the name, HSMs are available in virtual form (“as a Service”) too.
Once created, keys issued to devices or apps need to be stored in a tamper-resistant way – such that any unauthorised attempt to change or copy a key will make it invalid – so devices and apps can be trusted as authorised pieces of the IoHT stack when users log into cloud networks or record or retrieve data from the cloud.
Together, encryption and digital signature authentication controls help ensure that only authorised people are seeing information about a certain case. They will also secure against data manipulation that could damage networks or physically harm people, and will prevent data theft by “eavesdropping” hackers.
Securing the cloud helps ensure only authorised users and devices can access medical data or make changes to the databases that power IoHT apps. Between the cloud and devices often sit gateways, and this middle section of the IoHT stack has an important role to play as a mediator for communications between devices and the cloud.
Again, strong access controls are important at this level. Gateways like routers or even mobile devices (like tablets) that act as a bridge between IoHT devices and the cloud must also implement strong authentication controls to prevent unauthorised access. In addition to protecting the gateway itself via passwords or biometric locks, it would be valuable to implement a PKI check at the gateway level too. That would allow, say, a router to verify the authenticity of a device’s cryptographic key, and only then connect the device to the cloud, where another key verification would be performed.
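The gateway-level PKI check described above, together with the organisation-run PKI and tamper-resistant device keys discussed under “Cloud and apps”, can be sketched in code. The following Go program is an added example written for this article; it is not code from the author or from Gemalto. It assumes an ECDSA P-256 PKI with a single organisation root, a constructed device ID such as “pump-0001”, and a simple challenge-response in which the gateway hands the device a fresh nonce and the device signs it. The gateway holds only the root certificate, never any device’s private key, and admits a device only when its certificate chains to that root and its signature over the nonce verifies with the key in that certificate. A real deployment would keep the root key in an HSM and the device key in a secure element, as the article recommends.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Identity pairs a private key with its certificate; used for both the
// organisation's root CA and each enrolled device. Keys live in memory in
// this example; the article's advice is an HSM for the CA and a secure
// element on the device.
type Identity struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// issue generates a P-256 key and a certificate for it: self-signed when
// isCA is true, otherwise signed by parent (the organisation's CA).
func issue(name string, isCA bool, parent *Identity) (*Identity, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	serial, _ := rand.Int(rand.Reader, big.NewInt(1<<62))
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(2 * 365 * 24 * time.Hour),
		IsCA:                  isCA,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageDigitalSignature,
	}
	signerCert, signerKey := tmpl, key // self-signed root
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
		signerCert, signerKey = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Identity{Key: key, Cert: cert}, nil
}

// NewCA creates the organisation's own root of trust.
func NewCA(name string) (*Identity, error) { return issue(name, true, nil) }

// EnrollDevice issues a device certificate signed by the CA; the device ID
// (a constructed value such as "pump-0001") becomes the CommonName.
func EnrollDevice(ca *Identity, deviceID string) (*Identity, error) {
	return issue(deviceID, false, ca)
}

// Sign is the device side of the exchange: sign the gateway's nonce.
func (d *Identity) Sign(nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, d.Key, digest[:])
}

// Gateway stores only the root certificate, never any device's private key.
type Gateway struct{ roots *x509.CertPool }

func NewGateway(caCert *x509.Certificate) *Gateway {
	pool := x509.NewCertPool()
	pool.AddCert(caCert)
	return &Gateway{roots: pool}
}

// Challenge returns a fresh nonce so a captured signature cannot be replayed.
func (g *Gateway) Challenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Admit checks (1) that the presented certificate chains to our root and
// (2) that the nonce signature was made with the key in that certificate.
// Only then is the device ID returned for forwarding to the cloud, which
// repeats the same check against the same root.
func (g *Gateway) Admit(certDER, nonce, sig []byte) (string, error) {
	cert, err := x509.ParseCertificate(certDER)
	if err != nil {
		return "", err
	}
	opts := x509.VerifyOptions{Roots: g.roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	if _, err := cert.Verify(opts); err != nil {
		return "", fmt.Errorf("certificate not issued by our PKI: %w", err)
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return "", errors.New("unexpected key type in device certificate")
	}
	digest := sha256.Sum256(nonce)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return "", errors.New("signature does not match the certificate's key")
	}
	return cert.Subject.CommonName, nil
}

func main() {
	ca, _ := NewCA("Hospital IoHT Root")
	dev, _ := EnrollDevice(ca, "pump-0001")
	gw := NewGateway(ca.Cert)
	nonce, _ := gw.Challenge()
	sig, _ := dev.Sign(nonce)
	fmt.Println(gw.Admit(dev.Cert.Raw, nonce, sig))
}
```

The two failure cases worth exercising are a device carrying a certificate from a foreign CA (the chain check rejects it even if the device ID matches) and a captured signature replayed against a later nonce (the signature check rejects it). Because the cloud holds the same root, it can repeat `Admit` independently of the gateway, which is the second verification the article describes.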
Moving past access control, gateways may be the best environment in which medical data itself can be securely packaged for transmission. Medical sensors often can’t provide enough processing power for advanced encryption, leaving data vulnerable as it’s sent to the cloud. Healthcare IT professionals can seek out specialised gateways to add an encryption step between devices in their local network and the cloud.
Devices and Users
At the edge of today’s IoHT stack, devices and users present real challenges to secure management. There are dozens, even hundreds of different types of IoHT devices and each device may be designed to a different level of security. On top of great variety in device security, it’s become very clear in recent years that users’ security habits vary greatly from person to person.
The goal for healthcare organisations is to keep devices useful for patients while making them useless for hackers. That means step one in securing IoHT endpoints is locking down the “easy” attack vectors: encrypting device IDs; avoiding default passwords and keeping devices updated; and maintaining secure network connectivity, whether via cellular or short-range connections.
Encrypting devices and resetting passwords can be done before deployment, helping doctors and patients start their IoHT use securely. Given the breadth of healthcare IoHT networks, it may be more cost- and time-effective to purchase devices from vendors who pre-emptively encrypt device IDs and provide randomly generated passwords for initial logins, after which users can be prompted for a password reset.
Like device IDs, user identities and other personal information should also be encrypted, and – together with cryptographic keys – should be further protected in secure enclaves on devices, much like hardware security modules protect cryptographic processes at the cloud level.
If any device system outside one of these chip-level secure elements is breached, the cryptographic keys “zero” (are wiped), meaning the key stored on the device will no longer match the key in the cloud and network access won’t be granted to infected endpoints.
Using cryptography to protect data and access to information at every level leaves hackers with little opportunity to inflict harm on IoHT networks, but there is one final level of vulnerability that healthcare IT teams need to close: code.
Applications and firmware must be kept up-to-date. In vetting software or device vendors, IT teams should seek out those who provide automated firmware and software updates. This can simplify patching of security vulnerabilities, and will protect against hackers looking to take control of devices or find ways to fraudulently access the cloud through a compromised device.
It should be clear that from top to bottom, the security techniques needed to keep devices and applications useful without risking the integrity of healthcare data, or the data itself, are quite similar. But each piece must be as resilient against attacks as the next to keep hackers from exploiting any vulnerability of “the weakest link”. Building strong authentication controls and encryption into each layer of the IoHT stack can help organisations create the end-to-end security needed to keep cyberattacks at bay without hindering the performance of IoHT platforms.
Manfred Kube is Director of Business Development, mHealth at Gemalto M2M based in Germany. He is convinced that secure, wirelessly-enabled devices can assist with chronic care management, ambient assisted living, fitness and wellness monitoring and more.
Getting ready for cloud data-driven healthcare
As healthcare continues to recognise the value of data and digital transformation, many organisations are relying on the cloud to make their future-forward and data-centric thinking a reality. In fact, the global healthcare cloud computing market was valued at approximately $18 billion and is expected to generate around $61 billion USD by 2025.
At the forefront of these changes is the rapid adoption of cloud-based, or software-as-a-service (SaaS), applications. These apps can be used to handle patient interactions, track prescriptions, care, billing and more, and the insights derived from this important data can vastly improve operations, procurement and courses of treatment. However, before healthcare organisations can begin to dream about a true data-driven future, they have to deal with a data-driven dilemma: compliance.
Meeting regulation requirements
It’s no secret that healthcare is a highly regulated industry when it comes to data and privacy – and rightfully so. Patient records contain extremely sensitive data that, if changed or erased, could cost someone their life. This is why healthcare systems rely on legacy technologies, like Cerner and Epic EHRs, to manage patient information – the industry knows the vendors put an emphasis on making them as secure as possible.
Yet when SaaS applications are introduced and data starts being moved into them, compliance gets complicated. For example, every time a new application is introduced into an organisation, that organisation must have the vendor complete a BAA (Business Associate Agreement). This agreement essentially puts the responsibility for the safety of patients’ information — maintaining appropriate safeguards and complying with regulations — on the vendor.
However, even with these agreements in place, healthcare systems still are at risk of failing to meet compliance requirements. To comply with HIPAA, U.S. Food and Drug Administration 21 CFR Part 11 and other regulations that stipulate the need to exercise best practices to keep electronic patient data safe, healthcare organisations must maintain comprehensive audit trails – something that gets increasingly difficult when data sits in an application that resides in the vendor’s infrastructure.
Additionally, data often does not stay in the applications – instead healthcare users download, save and copy it into other business intelligence tools, creating data sprawl across the organisation and exposing patient privacy to greater risk.
With so many of these tools that are meant to spur growth and more effective care creating compliance challenges, it raises the question: how can healthcare organisations take advantage of the data they have without risking non-compliance?
Yes, healthcare organisations can adhere to regulations while also getting valuable insights from the wealth of data they have available. However, to help do this, organisations must own their data. This means data must be backed up and stored in an environment that they have control over, rather than in the SaaS vendors’ applications.
Backing up historical SaaS application data directly from an app into an organisation’s own secure cloud infrastructure, such as AWS or Microsoft Azure, makes it easier, and less costly, to maintain a digital chain of custody – or a trail of the different touchpoints of data. This not only increases the visibility and auditability of that data, but organisations can then set appropriate controls around who can access the data.
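The “digital chain of custody” above, and the comprehensive audit trail the regulations cited earlier call for, can be made tamper-evident rather than just recorded. The following Go program is an added example for this article, not code from the author or from any backup vendor. It assumes each touchpoint of a backed-up record (export from the SaaS app, storage in the organisation’s own cloud, later access by a user) is appended as an entry whose hash covers its own fields plus the previous entry’s hash, so altering, reordering or deleting any entry breaks every link after it. Record IDs, actors and record contents below are constructed sample values.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strings"
)

// Entry is one custody event for a record copied out of a SaaS app into the
// organisation's own store. Hash covers every other field, including PrevHash,
// so each entry commits to the whole history before it.
type Entry struct {
	Seq        int
	RecordID   string // identifier of the backed-up record (constructed values below)
	Action     string // e.g. "exported", "stored", "accessed"
	Actor      string // user or service that performed the action
	RecordHash string // SHA-256 of the record content at that moment
	PrevHash   string // Hash of the previous entry, or all zeros for the first
	Hash       string
}

// Chain is the append-only custody trail.
type Chain struct{ Entries []Entry }

const genesis = "0000000000000000000000000000000000000000000000000000000000000000"

func sha256Hex(b []byte) string {
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:])
}

// digest hashes all fields except Hash itself. NUL separators are used
// because none of these fields should ever contain a NUL byte.
func digest(e Entry) string {
	return sha256Hex([]byte(fmt.Sprintf("%d\x00%s\x00%s\x00%s\x00%s\x00%s",
		e.Seq, e.RecordID, e.Action, e.Actor, e.RecordHash, e.PrevHash)))
}

// Append records a touchpoint. content is the record as seen at that moment,
// so comparing RecordHash across entries shows whether the record changed.
func (c *Chain) Append(recordID, action, actor string, content []byte) Entry {
	prev := genesis
	if n := len(c.Entries); n > 0 {
		prev = c.Entries[n-1].Hash
	}
	e := Entry{Seq: len(c.Entries), RecordID: recordID, Action: action,
		Actor: actor, RecordHash: sha256Hex(content), PrevHash: prev}
	e.Hash = digest(e)
	c.Entries = append(c.Entries, e)
	return e
}

// Verify recomputes every hash and link. It returns the index of the first
// entry that has been altered, removed or reordered, or -1 if intact.
func (c *Chain) Verify() int {
	prev := genesis
	for i, e := range c.Entries {
		if e.Seq != i || e.PrevHash != prev || digest(e) != e.Hash {
			return i
		}
		prev = e.Hash
	}
	return -1
}

// History returns the custody entries for one record, in order, which is
// what an auditor asks for when tracing a record's touchpoints.
func (c *Chain) History(recordID string) []Entry {
	var out []Entry
	for _, e := range c.Entries {
		if e.RecordID == recordID {
			out = append(out, e)
		}
	}
	return out
}

func main() {
	var trail Chain
	rec := []byte("patient=0001;rx=metformin 500mg") // constructed sample record
	trail.Append("rx-0001", "exported", "backup-service", rec)
	trail.Append("rx-0001", "stored", "backup-service", rec)
	trail.Append("rx-0001", "accessed", "analyst@example.org", rec)
	fmt.Println("intact:", trail.Verify() == -1, "entries:", len(trail.History("rx-0001")))
	fmt.Println(strings.Repeat("-", 40))
	trail.Entries[1].Actor = "someone-else" // simulated tampering
	fmt.Println("first broken entry:", trail.Verify())
}
```

The hash chain alone does not stop an insider from rewriting the trail end-to-end; in practice the latest `Hash` is periodically written somewhere the trail’s custodians cannot alter (a write-once store, a separate audit system or a signed timestamp), which turns the chain into the auditable trail the regulations ask for.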
Likewise, having data from these apps located in one central, easily accessible location can decrease the number of copies floating around an organisation, reducing the surface area of exposure while also making it easier for organisations to securely pull data into business intelligence tools.
When healthcare providers have unfettered access to all their historical data, the possibilities for growth and insights are endless. For example, having ownership and ready access to authorised data can help organisations further implement and support outcome-based care. Insights enabled by this data will help inform diagnoses, prescriptions, treatment plans and more, which benefits not only the patient, but the healthcare ecosystem as a whole.
To keep optimising and improving care, healthcare systems must take advantage of new tools like SaaS applications. By backing up and owning their historical SaaS application data, they can do so while minimising the risk to patient privacy or compliance requirements. Having this ownership and access can propel healthcare organisations to be more data-driven – creating better outcomes for everyone.