the healthcare internet of things: rewards and risks
TRANSCRIPT
Must Build Security into Devices from the Outset Rather than as an Afterthought
The Healthcare Internet of Things: Rewards and Risks
McAfee Confidential2
Why Sponsor the Report?• Developed by the Atlantic Council• Sponsored by Intel SecurityGoals• Educate the market on the evolution
of healthcare to IoT connected devices
• Advise providers, manufacturers and governments on best way forward
• Inform on risks if security is not implemented
Age of the Possible
McAfee Confidential3
Report Provides Recommendations• Explores security challenges and societal
opportunities for networked medical devices• Provides recommendations for the industry,
regulators, and the medical profession to maximize value to patients while minimizing the security challenges originating in software, firmware, and communication technology across networks and devices
Security Must be Built-In
McAfee Confidential4
Societal Opportunities• 48% of healthcare providers have integrated
their IT systems with consumer technologies or operational technologies
• Deploying IoT in healthcare could result in $63 billion in global savings
• Less than 60% of healthcare providers have implemented security controls or a basic risk assessment for their IoT devices and networks
Healthcare IoT has Arrived
McAfee Confidential5
Benefits of Networked Healthcare• Consumer products for health monitoring - Wearable wrist bands send
health stats wirelessly to user’s phone or computer, allowing people to monitor and improve their own health.
• Internally imbedded medical devices - Doctors can remotely monitor and maintain pacemakers to identify signs of problems before a heart attack
• Wearable external medical devices - Insulin pumps can be monitored and adjusted wirelessly, giving the patient more control—and better care
Improve Fitness, Medical Outcomes and Quality of Life
McAfee Confidential6
Risks• Personal data theft - Thieves can steal personal data by intercepting
unencrypted data sent wirelessly from devices or unprotected networks• Device tampering and network disruption - If a doctor can change
settings remotely, then so could a criminal or terrorist• Accidental failures - Network or device failures could have serious
consequences for patients
We Need to Vaccinate Ourselves from Risks to Our Security and Privacy
McAfee Confidential7
Recommendations• Security must be built into healthcare ecosystem at the outset rather than as an afterthought; from
the device, to the network, to communications and data center.• Industry and government should implement an overarching set of security standards or best practices
for devices to address underlying risks• The regulatory approval paradigm for medical devices must change in order to incentivize innovations
while enabling healthcare organizations to meet regulatory policy goals and protect the public interest• There must be an independent voice for the public, especially patients and their families, to strike a
balance among effectiveness, usability, and security when the device is implemented and operated
Foster Innovation while Minimizing Security Risks