{"id":16219,"date":"2015-07-27T12:17:22","date_gmt":"2015-07-27T12:17:22","guid":{"rendered":"http:\/\/www.businesscloudnews.com\/?p=231422"},"modified":"2015-07-27T12:17:22","modified_gmt":"2015-07-27T12:17:22","slug":"iot-security-and-the-world-of-us-medicine","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/iot-security-and-the-world-of-us-medicine\/","title":{"rendered":"IoT security and the world of US medicine"},"content":{"rendered":"<div id=\"attachment_166611\" style=\"width: 310px\" class=\"wp-caption alignright\"><a href=\"http:\/\/www.businesscloudnews.com\/files\/2013\/12\/healthcare-IT.jpg\"><img loading=\"lazy\" decoding=\"async\" class=\"size-medium wp-image-166611\" src=\"http:\/\/www.businesscloudnews.com\/files\/2013\/12\/healthcare-IT-300x200.jpg\" alt=\"IoT in healthcare faces its fair share of challenges\" width=\"300\" height=\"200\" \/><\/a><\/p>\n<p class=\"wp-caption-text\">IoT in healthcare faces its fair share of challenges<\/p>\n<\/div>\n<p>Internet of Things security is anything but a homogenous concept. It is, rather, extremely dependent on the type of products being developed and \u2013 in many cases \u2013 the sort of regulatory restrictions they are subject to.<\/p>\n<p>Of all the sectors where IoT is proliferating, however, it is arguably medical that is the most fraught. 
In medical IT, developers have to operate in a minefield of intense regulation, life and death safety issues, and an unusually high (and of course very much unwelcome) degree of scrutiny from hackers.<\/p>\n<p>The hacking of medical data is a popular criminal enterprise, particularly in the US, where just last week UCLA Health hospitals say hackers may have accessed personal information and medical records of as many as 4.5 million patients.<\/p>\n<p>However, while no-one would be overjoyed at the thought of something as intimate as their medical records falling into the hands of digital crooks, it is arguably the patient who has the least to worry about here. The main targets of medical data theft are US insurance companies and the institutions that administer Medicare. In the US, patients usually collect medication and leave it to pharmacists to bill the insurance companies.<\/p>\n<p>A single refill for five months\u2019 medication can easily add up to a few thousand dollars, so the rewards for effective fraud \u2013 with hackers posing as pharmacists \u2013 are large. Insurance companies, of course, foot the bill, while for those impersonated the results can cost time, stress, and in worst case scenarios a potentially dangerous delay in securing their medication.<\/p>\n<p>It\u2019s just one example of why security around medical data \u2013 medical IoT\u2019s bread and butter \u2013 has to be so tight.<\/p>\n<p>Someone extremely familiar with the territory is Sridhar Iyengar, one of the founders of AgaMatrix. At AgaMatrix, Iyengar helped develop the first iPhone-connected medical device, a glucose monitor called iBGStar, then a revolutionary innovation for diabetes sufferers.<\/p>\n<p>Nowadays Iyengar\u2019s focus is on Misfit, a wearables company focussing on fitness rather than illness, but he is still deeply involved with issues surrounding IoT, health, and security. 
In September, he will attend the Internet of Things Security conference in Boston as a keynote speaker, where he will draw on his expertise in diabetes to illustrate the wider challenges confronted by developers in the realm of medical IoT.<\/p>\n<p>\u201cThe Holy Grail in this world of diabetes is what they call an artificial pancreas,\u201d he says, \u201cmeaning that, if you can sense how much glucose is in your blood, you can pump in the right amount of insulin to automatically regulate it. Nobody has made a commercial version of that. Partly because the folks who make a glucose sensor are different to the folks that make the pumps and it has been difficult for the two to cooperate due to trade secrets and the complexities of sharing the liability of devices from different manufacturers that must work in unison. The patients are left to suffer.\u201d<\/p>\n<p>In one famous incident, this frustrating discontinuity was first overcome by a \u201ccitizen scientist,\u201d a father who hacked his diabetic child&#8217;s\u00a0separate devices and was able to link the two together. While this was never marketed, it signalled that the race for a commercially viable artificial pancreas was very much on. However, while no-one would resent such intrepid ingenuity on the part of the \u201ccitizen scientist,\u201d Iyengar points out that it also demonstrates the devices in question were very much hackable.<\/p>\n<p>\u201cIf somebody hacks into an insulin pump you could kill someone,\u201d he says. \u201cThey overdose, they go into a coma, they die. None of these insulin pump manufacturers are going to open source anything: they can\u2019t, because of the deadly consequences of someone hacking it.\u201d<\/p>\n<p>Ultimately, it will prove an interesting challenge to future regulators to establish precisely where to draw the line on issues such as this. 
Still, the capacity for others to easily take control of (for instance) a connected pacemaker is bound to generate a degree of concern.<\/p>\n<p>Many of these issues are complicated by existing regulations. The US Health Insurance Portability and Accountability Act (HIPAA) requirements state that medical data can only be shared after it has been completely anonymised, which presents something of a paradox to medical IoT, and frequently requires complex architectures and dual databases, with pointers enabling healthcare professionals to blend the two together and actually make sense of them.<\/p>\n<p>Issues like this mean developers can\u2019t rely on industry standard architectures.<\/p>\n<p>\u201cYou can\u2019t rely on this network immune system that exists in the consumer software space where many different parties are vigilant in monitoring breaches and bugs because multiple vendors\u2019 code is used by a product,\u201d says Sridhar, picking an apt metaphor. \u201cIf you want to develop security related features you kind of have to do it yourself.\u201d\u00a0 In turn this means that, if there are breaches, you have to address them yourself. \u201cIt raises this interesting dilemma,\u201d he says. \u201cOn the one hand the way that software\u2019s written in the medical field, it\u2019s supposed to be more safe. But in some situations it may backfire and the entire industry suffers.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Of all the sectors where IoT is proliferating, however, it is arguably medical that is the most fraught. 
In medical IT, developers have to operate in a minefield of intense regulation, life and death safety issues, and an unusually high (and of course very much unwelcome) degree of scrutiny from hackers.<\/p>\n","protected":false},"author":149,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1989,1990,2278,893,1991,1909,3089],"tags":[],"class_list":["post-16219","post","type-post","status-publish","format-standard","hentry","category-enterprise-it","category-features","category-healthcare","category-internet-of-things","category-interviews","category-iot","category-medical-services"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16219","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/149"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=16219"}],"version-history":[{"count":2,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16219\/revisions"}],"predecessor-version":[{"id":16233,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/16219\/revisions\/16233"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=16219"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=16219"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=16219"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}