Security risks of networked medical devices
Networked medical devices linked to the Internet of Things (IoT) hold tremendous promise if security is built in from the outset, according to a new report by Intel Security and the Atlantic Council.
Networked medical devices may improve fitness, medical outcomes and quality of life. One estimate of these technologies could save $63 billion in healthcare costs over 15 years with a 15-to-30 percent reduction in hospital equipment costs. However, the benefits of networked healthcare come with several main areas of concern: theft of personal information, intentional tampering with devices to cause harm, widespread disruption and accidental failures.
“Networked healthcare can make the Internet of Things very personal,” said Pat Calhoun, Senior Vice President and General Manager, Network Security at Intel Security. “When a networked medical device is connected to a person, the health information that can be exchanged may dramatically improve healthcare, but the consequences of privacy and network security intrusions are equally real. Security should be built into the whole healthcare ecosystem, from the device, to the network, to the data center.”
Recommendations intended to help foster innovation while reducing security risks, including:
- Security should be built into devices and the networks they use at the outset rather than as an afterthought.
- Industry and governments should consider implementing a comprehensive set of security standards or best practices for networked medical devices to address underlying risks.
- Private-private and public-private collaboration must continue to improve.
- The regulatory approval paradigm for medical devices may need to evolve in order to better incentivize innovations while enabling healthcare organizations to meet regulatory policy goals and protect the public interest.
- There must be an independent voice for the public, to ensure patients and their families have a voice, the goal being to strike a balance among effectiveness, usability, and security when the device is implemented and operated by consumers.