Channel Players Step Up To Address IoT Security Concerns In Health Care

As more medical devices become connected, the health care market is turning to channel partners for security services and the vertical market knowledge they need to get the most out of Internet of Things applications.

"Solution providers in the health care area have an opportunity in ... in securing [connected devices] and following the physical, technical and administrative requirements of HIPAA," said Steve Meek, co-founder and president of The Fulcrum Group Inc., a Keller, Tex.-based solution provider.

Health care is a lucrative market for IoT applications – research firm Markets and Markets predicted that IoT in the health care market is expected to grow from $32 billion in 2015 to $163 billion by 2020.

[Related: IoT Channel Chronicles: How Function1 Used IoT To Make A University's Campus Police More Effective]

Sponsored post

Meek said that IoT opportunities are skyrocketing for the health care market as hospitals and other health care customers are using IoT applications to improve real-time patient engagement, remote monitoring, chronic disease management, medication management, and increase operational efficiency.

Despite the benefits of IoT technologies for the health care market, security is still top of mind for customers – a concern that is triggering health care professionals to seek out channel partners who understand the ins and outs of the vertical market's strict requirements and guidelines.

"The inverse relationship between enablement and security means that an industry already plagued by security challenges could be impacted by even more," said Meek. "More devices that are attached to the network means a larger attack surface for attackers. Devices that are not centrally managed are harder to maintain."

HIPAA compliance poses another challenge for health care customers trying to implement IoT applications. However, the channel's vertical knowledge of HIPAA regulations will be a vital point of differentiation as they help customers conduct a comprehensive risk analysis.

"Security is the number one conversation throughout [health care IoT applications], because of HIPAA guidelines," said Brian Blanchard, vice president of Cloud Solutions at Chicago, Ill.-based 10th Magnitude.

"In the healthcare space, there is a high degree of security from everything from the individual device that might be monitoring blood pressure, to the gateway and how it registers with the central data systems, so you can tell, confidently, that you're getting the blood pressure from the right patient," Blanchard said.

Solution providers have an array of opportunities to help customers in the health care space – such as creating secure network designs that compartmentalize IoT devices from other parts of the network that contain electronic protected health information (ePHI). They can also work with their health care clients to develop proper decision criteria for new solutions, and they can conduct vulnerability assessments against IoT devices to check for other potential security issues.

10th Magnitude provides security audits for customers in the health care market– including one California-based medical supplier, which developed an IoT solution to help doctors collect and monitor health data from connected scales and blood pressure cuffs in nursing homes.

After an initial audit, the solution provider found two big security gaps in the healthcare customer's solution. There was no device handshake when the data was pushed up to the server, meaning that there was no guarantee that the data was going where it was supposed to go. Also, the server didn't know that the devices pumping in data were approved devices.

"Originally, their device made the same assumption that a lot of devices do, which is that if I can plug the URL in the cloud and can toss data up to it, and its encrypted data – then it's secure. But what we pointed out to them was that there are two big security gaps there," said Blanchard. "Those were two really big security gaps we were able to fill in with the [Microsoft Azure] IoT suite and the device registration component to that."

In the case above, a solution provider stepped in and helped fix a security issue before it became a bigger problem. In the same way, solution providers can broaden their service offerings for health care clients, especially as hospitals gain a better understanding of how IoT security breaches can affect their systems.

"There already have been massive [attacks] against network cameras, like the one in October of last year that took down service provider Dyn and parts of the Internet. While this attack only took down parts of Amazon, Twitter and Netflix, imagine the same kind of attack against a hospital," said Meek.