The Internet of Things (IoT) is upon us and it is not only moving into our homes through our networks and refrigerators, it is also moving into our bodies through networked medical devices. Wearable, temporarily ingested, or even embedded devices for medical treatment, medication and general health and wellness represent the future of healthcare. The advancements can come in the form of high-tech medical equipment like insulin pumps and pacemakers, but they can also be the Fitbits and other health monitoring devices commonly found on the wrists and in the pockets of the general public.
There is no doubt that networked healthcare offers numerous benefits, not only to the individuals involved, but to the healthcare industry as a whole — one estimate notes that these technologies could save $63 billion in healthcare costs over 15 years with a 15-to-30 percent reduction in hospital equipment costs. But if security is just an afterthought, and the technologies greatly outpace their protection, then we’ll be exposing the entire healthcare ecosystem to risks.
McAfee and the Atlantic Council flesh out these risks, as well as the challenges in a new report, which also provides recommendations for industry, regulators and the medical profession as a whole.
The report finds that the benefits of networked healthcare come with several main areas of concern:
- Intentional Tampering – Cyber criminals could exploit flaws in medical devices and networks causing harm to individuals, such as forcing an insulin pump to overdose a patient or instructing a heart implant to deliver a deadly jolt of electricity.
- Widespread Disruption – Worse than scenarios of targeted killings – but also far less likely – is the threat of widespread disruption. Theoretically, a piece of targeted malware could spread across the Internet, affecting everyone with a vulnerable device.
- Accidental Failures – The vulnerabilities of networked medical devices aren’t limited to criminal intent—like any other technology, they are prone to failure.
- Privacy Violations – Malicious online hackers consider healthcare information especially valuable, making the devices and networks that exchange this information targets for attack.
The balance is to foster innovation while reducing security risks, and the report provides several recommendations aimed at just that:
- Security should be built into devices and the networks they use at the outset rather than as an afterthought.
- Industry and governments should consider implementing a comprehensive set of security standards or best practices for networked medical devices to address underlying risks.
- Private-private and public-private collaboration must continue to improve.
- The regulatory approval paradigm for medical devices may need to evolve in order to better incentivize innovations while enabling healthcare organizations to meet regulatory policy goals and protect the public interest.
- There must be an independent voice for the public, to ensure patients and their families have a voice — the goal being to strike a balance among effectiveness, usability, and security when devices and networks are implemented and operated by consumers.
Networked healthcare makes IoT very personal. The consequences of privacy and network security intrusions are real, but if we can get security and policy right, the health information that can be exchanged when devices and networks are connected to a person may dramatically improve healthcare for all.
On March 26th, The Atlantic Council and McAfee will host a webinar to discuss the foundation of secured networked medical devices and their data. The live webcast will start at 2 p.m. EST (11 a.m. PST), and all types of business interests are encouraged to join.