This network holds tremendous promise. It’s turning our everyday physical world into an information-gathering web that, if leveraged correctly, would harness data that could be used to improve many aspects of our lives, particularly healthcare.
According to an article written by analysts with consulting firm McKinsey & Company, “The widespread adoption of the Internet of Things will take time, but the time line is advancing thanks to improvements in underlying technologies. Advances in wireless networking technology and the greater standardization of communications protocols make it possible to collect data from these sensors almost anywhere at any time.”
As much promise as the IoT holds, however, there’s also a significant amount of risk, especially with wearable or implantable medical devices. A new report prepared by the Cyber Statecraft Initiative at the Brent Scowcroft Center on International Security at the Washington, D.C.-based Atlantic Council, in partnership with Intel Security, claims that the benefits only will be realized if security is built into medical devices from the outset.
The report, titled “The Healthcare Internet of Things: Rewards and Risks,” explores security challenges and society’s opportunities for networked medical devices, including those that are wearable, temporarily ingested or even embedded in the human body for medical treatment, medication, and general health and wellness. The report makes recommendations for industry, regulators and the medical profession to help them maximize the value to patients while minimizing the security challenges originating in software, firmware, and communications technology across networks and devices.
Networked medical devices have the potential to improve fitness, medical outcomes and quality of life. According to the report, one estimate of these technologies could save $63 billion in healthcare costs during a 15-year period with a reduction (of 15 to 30 percent) in hospital equipment costs. However, the report finds the benefits of networked healthcare come with several areas of concern: theft of personal information, intentional tampering with devices to cause harm, widespread disruption and accidental failures.
“Networked healthcare can make the Internet of Things very personal,” said Pat Calhoun, senior vice president and general manager, Network Security, at Intel Security. “When a networked medical device is connected to a person, the health information that can be exchanged may dramatically improve healthcare, but the consequences of privacy and network security intrusions are equally real. Security should be built into the whole healthcare ecosystem, from the device, to the network, to the data center.”
The report provides several recommendations intended to help foster innovation while reducing security risks, including:
- Security should be built into devices and the networks they use at the outset rather than as an afterthought;
- Industry and governments should consider implementing a comprehensive set of security standards or best practices for networked medical devices to address underlying risks;
- Private-private and public-private collaboration must continue to improve;
- The regulatory approval paradigm for medical devices may need to evolve in order to create better incentives for innovation while enabling healthcare organizations to meet regulatory policy goals and protect the public interest; and
- There must be an independent voice for the public to ensure that patients and their families have a voice, the goal being to strike a balance among effectiveness, usability and security when the device is implemented and operated by consumers.
It used to be that when medical device makers and regulators talked about device safety, they meant the likelihood of a device physically harming a patient during normal use. Now, for some devices, the discussion will include cyber safety. A growing pain for sure, but also an opportunity for savvy companies—device firm or supplier—to lead the discussion.
Now, if you’ll excuse me, I think my Fitbit needs a battery.