Source: Pixabay
What is the number one problem with internet of things (IoT) devices? Security vulnerability. Many devices that are part of the IoT universe are smart enough to send information but not complex enough to have security of their own. This means in your home, without the right controller, your smart light bulb could be a gateway to the rest of your network.
Fortunately, most of these devices offer reasonable security. For instance, Philips Hue Smart Bulbs are controlled by a central hub, without which the bulbs will not work, and the security is contained in that hub. What about wearables, mobile devices, and even more sensitive data?
Consider the Fitbit or other Smart Watches connected to your phone. How often are they connected to public Wi-Fi? Many are accessed through Bluetooth technology, which has its own vulnerabilities. Add to that doctors and nurses using app-based tablets to access electronic health records (EHR) data, and we see the need for ethical hackers to focus on the security of mobile devices, wearables, and other areas where security vulnerability directly intersects with healthcare data — and devices must be HIPPA compliant to be useful at all.
Integrated Care and Data Protection
The more healthcare data we have — the more we can gather from wearables and other sources — the more we see the need for integrated care. “It’s challenging to bring together behavioral and primary health,” Sophia Murphy, a doctor of behavioral health, explains when talking about the need for integrated care. She goes on to explain: “We are developing programming that spreads integration to other sites. Right now we’re in this phase of collecting data and outcomes to show what we’re doing is working. The next phase is being able to walk the walk and talk the talk so we can work with other disciplines and show that when we do come together, our patients are healthier and happier.”
This sharing of data comes with its own risks. Data at rest is much easier to encrypt and protect than data in transit, regardless of the means by which it is sent. The more individuals who have access to data in a single location, the higher the risk of human errors leading to security breaches.
In addition, there is the factor of “need to know.” While primary health and behavior health practitioners need to work together to provide better overall patient health, not every piece of data is relevant, and some data might even skew a diagnosis to either side of the medical spectrum.
Much like social data, which many feel should have the same or at least similar protections to medical data, this information is powerful, but it can just as easily create problems and be stolen maliciously, as it can be useful for treatment. This a new era of privacy, one controlled by the patient and the social media user, but enabled by the programs and software we use every day to secure that data.
Wearables, Mobile Devices, and HIPAA
As mentioned above, wearables and mobile devices are commonplace and being used for a variety of purposes. Apple just concluded a heart study in cooperation with Stanford University using data volunteered by Apple Watch users. The study detected irregular heartbeat events, even those related to serious heart conditions, in an effort to see if effective diagnosis could be achieved remotely. Given this data, medical professionals could warn patients about potential risks in real time.
What about the security of such devices? Much like modern phones, watches connect to public Wi-Fi and to other devices via Bluetooth. They contain detailed personal and medical information. If they transmit that information to medical professionals, who has the responsibility to protect that data while it is in transit? This is where the focus of security development must be as we look to the future of telemedicine, more sophisticated wearable devices, and remote diagnosis and monitoring. Some of the top app developers in IoT are focused on exactly that.
HIPAA decrees that medical professionals must keep patient data confidential. Similar standards must be applied to wearable and other devices to ensure data is protected while at rest on the device and in transit to those receiving it.
The Potential Solutions in Blockchain
The reason healthcare data is so targeted by hackers is that it is rich in information they want. They can take that information and either sell it, create fake identities, or use it for ransomware attacks. With a name, social security number, address, and family history a hacker can do a lot.
One solution being explored by many healthcare providers is the unique security offered by the blockchain. Essentially, smart contracts are embedded in digital code and stored in transparent, secure databases. The data stored there cannot be deleted, modified, or tampered with in other ways.
At present, around 15 percent of healthcare applications have adopted blockchain technology for commercial deployment, but that number is expected to rise to 55 percent by 2025. Ethereum’s open source platform, HealthHeart, is one such platform that not only gives physicians access, but also gives patients the ability to see who is accessing their records and for what purpose.
Whatever the future of blockchain as a healthcare security solution, how the IoT interacts with that blockchain, and what effect that has on integrated care are all things that remain to be seen, but one thing is clear: Ethical hackers and programmers must focus on the devices most being used to access and transmit this data, and that means mobile devices and wearables will likely be a focus for a long time.