Cyber risk Wednesday: Rewards and risks of the healthcare Internet of Things

The medical industry has been evolving rapidly over the past few years, creating new technologies connected to the larger Internet with the potential to unlock benefits for both the users and the broader society. This healthcare Internet of Things, comprising personal medical devices and hospital machines, holds the promise of improving patient care, empowering the users, and cutting skyrocketing healthcare costs by an estimated $60 billion over fifteen years.

However, as the healthcare devices are as open to misuse as any other networked technology, the rewards come with difficult obstacles to ensuring the security for the patient and the society at-large. In order to examine the balance of the security challenges and societal opportunities of networked healthcare devices, on March 18, 2015 the Atlantic Council’s Cyber Statecraft Initiative gathered a group of experts for a panel discussion and an accompanied report release. Jason Healey, Director of the Cyber Statecraft Initiative, moderated the discussion between Pat Calhoun, Senior Vice President and General Manager of Network Safety at McAfee, Suzanne B. Schwartz, Director of Emergency Preparedness, Operations, and Medical Countermeasures at US Food and Drug Administration, and Joshua Corman, Chief Technology Officer at Sonatype.

The event was opened by a keynote address by Representative Diana DeGette, from the First District of Colorado, one of Congress’ leading experts on cutting-edge healthcare research. In her remarks, Rep. DeGette highlighted the need to balance the fine line between necessary oversight to assure user safety on one hand, and flexibility of regulation to enable innovation and incorporate future developments on the other. She also called for smart budgeting taking into account long-term benefits instead of short-term savings.

20150319 healthcare internet2

The subsequent panel discussion began by debating how to foster innovative ways to help industry and manufacturers to produce networked healthcare devices while effectively regulating the security of the new technologies. All panelists agreed that it is crucial to act proactively by incorporating the security aspect to the development of the products from the start, rather than adding it as a mere afterthought or a response to security breaches. The panel also discussed the importance of developing comprehensive security infrastructures instead of risk-specific and isolated protections. Further, the panelists debated the possibility of providing the industry with common security platforms to be utilized when developing new products. This would allow the manufacturers to focus on their field of specialty, while providing the users with dependable protections.

20150319 healthcare internet3

The event echoed many of the recommendations included in a report launched at the event, titled “The Healthcare Internet of Things: Rewards and Risks”. Authored by Jason Healey, Neal Pollard, and Beau Woods, the report is a collaboration between Intel Security and the Atlantic Council’s Cyber Statecraft Initiative. It explores the opportunities and challenges of networked healthcare devices with practical recommendations for governments and the health care and security industries.

Related Experts: Joshua Corman and Jason Healey