ÃÛÌÒTV

Healthcare Security 07-22-2015

Healthcare: From Privacy to Security

Mike Nelson

The benefits of networked medical devices are impossible to deny. These devices, such as insulin pumps, pacemakers, and other monitoring systems, allow doctors to remotely monitor the health of their patients in a non-invasive way. They can also transmit a patient’s vitals and other pertinent information directly to a doctor, so they can monitor their high-risk patients and ultimately prevent adverse health issues.

Like all technological advances, these benefits come with risks. HIPAA regulations have helped the industry focus on keeping sensitive patient information private.Ìý Since it’s passing in 1996, the industry has made great improvements regarding the privacy of data.Ìý However, . These privacy regulations are a step in the right direction for health information technology, but they have not done enough to keep this information protected from hackers.

Unsecured medical devices could be the single greatest threat to the future of healthcare technology, putting at risk patients’ personal information (PPI), patients’ health, and healthcare organizations.

Risks of Unsecured Networked Medical Devices

Patient Personal Information

Protecting patient information is a high priority in today’s healthcare. Today, , storing and transmitting PPI, which includes DOB, SSNs, credit card credentials, and insurance information. By not encrypting communications from one networked medical device to another, a hacker could steal a healthcare employee’s login credentials, log in to a hospital’s connected ecosystem, and exfiltrate PPI, . These data breaches are time-consuming and can be financially devastating for a healthcare organization.

Patient Health Risks

Health risks to patients are another reason that networked medical devices must be secure. Recently, researchers found that a hacker could , giving them the ability to administer fatal doses to patients. Likewise, in mid-2013, security researcher explained how he was able to .

Networked medical devices are not the only devices within hospitals; other connected devices within a hospital could indirectly affect patient health. For example, a hacker could accessÌýa system of connected refrigerators that store vaccines. The hacker could raise the temperatures of the refrigerators therebyÌýtampering with the effectiveness of the vaccines. The likelihood of this scenario actually happening is small, but it is possible

PKI Offers Solutions

PKI is a proven method. It helps protect patients and healthcare organizations alike through both encryption and authentication. PKI encrypts communications transmitted over a network, preventing a potential hacker that could intercept these communications from being able to use them.

Authentication helps secure networked medical devices by only allowing other authenticated users to issue commands to the device. Take the example of the system of connected refrigerators I used earlier. If the system of connected refrigerators were secured using a digital certificate, any hacker attempting to connect to that system and issue commands would be unable to do so without an authenticated certificate.

Ultimately, PKI is a proven solution for protecting the millions of networked devices coming into the market.

Using PKI to secure devices is something ÃÛÌÒTV has been doing for over a decade. We issue security certificates to servers, fax machines, and other devices connected to the Internet and have a perfect record of security in this area. In reality, the new IoT movement isn’t a new era, we have simply given it a new name because of the number of connected devices that are emerging.

We have focused too long on privacy issues, and while important, privacy doesn’t matter if your data isn’t secure. Data security should be at the top of any healthcare executive’s priority list.

UP NEXT
PKI

3 Surprising Uses of PKI in Big Companies and How to Ensure They Are all Secure

5 Min

Featured Stories

07-03-2024

What is a CA’s Role in delivering digital trust?

11-27-2024

6 actionable ways to secure the IIoT at every stage

Tracking the progress toward post-quantum cryptography

The state of PQC since the publication of FIPS 203, 204 and 205