Proving the Business Case for the Internet of Things

Intel calls for more security in connected medical devices

Steve Rogerson
March 31, 2015
Networked medical devices linked to the IoT hold tremendous promise if security is built in from the outset, according to a report by Intel Security and the Atlantic Council.
The reportexplores security difficulties and societal opportunities for networked medical devices, including those that are wearable, temporarily ingested or even embedded in the human body for medical treatment, medication, and general health and wellness. It makes recommendations for the industry, regulators and the medical profession to help them increase the value to patients while reducing the security problems originating in software, firmware and communications technology across networks and devices.
Networked medical devices may improve fitness, medical outcomes and quality of life. According to the report, one estimate of these technologies could save US$63bn in healthcare costs over 15 years with a 15 to 30 per cent reduction in hospital equipment costs. However, the report found the benefits of networked healthcare came with several main areas of concern – theft of personal information, intentional tampering with devices to cause harm, widespread disruption and accidental failures.
“Networked healthcare can make the IoT very personal,” said Pat Calhoun, senior vice president at Intel Security. “When a networked medical device is connected to a person, the health information that can be exchanged may dramatically improve healthcare, but the consequences of privacy and network security intrusions are equally real. Security should be built into the whole healthcare ecosystem, from the device, to the network, to the data centre.”
The report recommends that security be built into devices and the networks they use at the outset rather than as an afterthought. Industry and governments should consider implementing a comprehensive set of security standards or best practices for networked medical devices to address underlying risks.
It says that private-private and public-private collaboration must continue to improve. The regulatory approval paradigm for medical devices may need to evolve to incentivise innovations while enabling healthcare organisations to meet regulatory policy goals and protect the public interest.
And it concludes that there must be an independent voice for the public to ensure patients and their families have a voice, the goal being to strike a balance among effectiveness, usability and security when the device is implemented and operated by consumers.