
The impact of the Internet of Things can be felt across a broad spectrum of industries, touching our lives at home, in the workplace, and on our commutes between the two, in countless ways. But the IoT is having a particularly profound effect in the healthcare space. Cutting-edge, innovative devices like smart pacemakers, inhalers, blood pressure monitors and wellness wearables are making it easier than ever to track and catalog personalized health data – data that can be leveraged for better doctor diagnoses and patient outcomes.
As the Internet of Things continues to radically reshape the healthcare world, and to do so at an ever faster pace, it’s imperative that IoT engineers not rush their devices to meet these burgeoning market demands – and, in that rush, neglect essential device security concerns in ways that may be putting users’ data at serious risk.
Where healthcare IoT may infringe on user privacy
Recent security vulnerabilities like Spectre and Meltdown have put new names to longstanding issues with connected devices – namely, the risk of sensitive user information being compromised because of design vulnerabilities outside of users’ control. These risks are especially acute in a shared infrastructure like healthcare IoT, where patient data isn’t just being handled by patients, but by countless other touchpoints among doctors, administrators, insurers and so on.
What Spectre and Meltdown illustrated was that vulnerabilities far outside of users’ control or awareness can have immense consequences for their own privacy. Connected devices that collect or manage users’ medical data may be running on processors vulnerable to current or future exploits like Spectre and Meltdown – a design flaw that most of those involved would have no idea about, but that puts their information at risk of data hacking or harvesting all the same.
Other stories, like the FDA’s 2017 recall of almost 500,000 pacemakers over command and control risks, also highlighted how the connectivity element of healthcare IoT devices invites the potential for bad actors. Pacemakers are not nice-to-have luxuries; for the patients who need them, they’re literally matters of life and death. The idea that hackers may be able to backdoor their way into hijacking these devices for their own ends is incredibly troubling.
Adopting a proactive stance on healthcare IoT security
But, for all the security risks and vulnerabilities posed by healthcare IoT devices, there’s a lot that can be done to address and rectify these concerns right out of the gate. Developers and engineers can take a more proactive stance here, by building robust cybersecurity protections into their designs from the beginning. These protections have to rely on interconnected layers of hardware and software.
On the hardware level, this can span secure key storage, random number generators, hashing functions and cryptographic accelerators, to name a few examples, all of which should be integrated into IoT systems on a chip (SoCs). These hardware blocks are key for any device’s security – but they’re also functionally useless without a layer of equally sophisticated software protections to go with them. Encryption, authentication and secure boot are a few critical software services that should be prioritized and integrated with the architecture of the security hardware.
The IoT can be a double-edged sword – on the one hand, leveraging connections across countless devices for better collection and application of user data; on the other hand, having this data change hands so often that it exposes sensitive information to new security risks. This dichotomy feels especially potent in the healthcare space, where the data being collected, leveraged and possibly compromised pertains to our health and well-being. The IoT is offering promising new breakthroughs in the health and medical world, but we can’t overlook its potential security concerns and must address the threats through serious and proactive security engineering.
About the author: Mark de Clercq, Director, Low Power Connectivity, Dialog Semiconductor, joined the company in 2007 as Product Marketing Group Manager. Prior to this, he was a design engineer at Philips Electronics and held research and teaching posts at McGill University.
Edited by Ken Briodagh