Thales eSecurity Blog

Trusting in technology: the need for greater assurance in connected health

Jon Geater | CTO, Thales eSecurity

Whether offering instant access to patient records, allowing remote diagnosis of treatment, or giving access to lifestyle management and monitoring apps, it’s undeniable that the Internet of Things (IoT) and connected services are revolutionising the healthcare industry. Working to improve operational efficiencies and deliver a greater level of care, the now-dubbed ‘Connected Health’ market has grown to such an extent recently that it is expected to be worth more than £450 billion by 2024.

However, as the number of connected devices continues to grow, so too does the size of the attack surface and the complexity of the networks involved. According to the 2018 Thales Data Threat Report, two in five global healthcare organisations (39%) experienced a data breach in the last year, and that’s using today’s relatively modest and well-understood web systems. Adding personal medical devices, home monitors and the like will undoubtedly bring both health and commercial benefits, but if one perimeter can’t be reliably defended, how can we protect 1,000, 10,000 or even more?

When you consider the potential value of the personal information held within and shared between these devices, it’s perhaps unsurprising to learn that healthcare is now the most targeted of any industry. NHS patient records contain little more than basic personal details alongside a patient’s medical history, for example, but Electronic Health Records (EHR) in the US are far more detailed, and contain valuable information including a patient’s credit card and social security number.

The theft of a patient’s personal information can be traumatic, of course, but when lives are at stake, the consequences of a data compromise can be unthinkable. Consider, for example, what may have happened had we not had the FDA’s recall and update of 465,000 connected pacemakers in the US last year, which patched a potentially exploitable vulnerability in those devices.

It’s critical, therefore, that the right data from the right consultant goes to the right device to instruct it to perform the right procedure, or administer the precise amount of medication to the right patient. There must be no question at any point over the integrity of the data or the medical device itself.

Patients and practitioners alike require a level of assurance that the technology being implemented is secure, and that any and all data being transferred is safe from compromise. Encryption with strong key management, for example, is fundamental to preserving the confidentiality of data stored on, and shared by, medical devices.

Thales’s recently announced partnership with Device Authority will offer this assurance, authenticating any new device hardware, establishing a root of trust and identity of any devices on the network, and providing managed end-to-end encryption to ensure the integrity of the data upon which they rely.

From reducing costs and increasing efficiency, to encouraging more healthy living and reducing margin for error, there’s no doubting that the innovative application of technology in healthcare is improving the service that patients receive. At the same time, however, the number of opportunities for cyber-criminals is growing, along with the risk of compromise. When this has the potential to impact patients’ lives as well as their personal information, healthcare providers should take every possible step to minimise that risk, making sure that all their devices are trusted and secure.

For more information, please read Thales eSecurity’s Healthcare IoT Security Blueprint.