As Apple and Google launch their first health-monitoring apps, Gary Newe examines these new technologies’ vulnerability to cyber-attacks, and explores how two industries can work together to safeguard sensitive medical data
The race is on. A few months ago, Apple set pulses racing with the launch of its new Health application – a multi-purpose, data-aggregating hub for health and wellness data from multiple platforms, sensors and partners. This was then followed by much fanfare and speculation about the possible health benefits of the Apple Watch, which is due to ship next year.
Fellow tech giant Google is also limbering up to enter the healthcare fray with Google Fit, which is also questing for an integrated, networked approach to diagnostics by getting wearables and other data-yielding devices to engage in constructive dialogue.
Both have aspirations to sync with the wider healthcare ecosystem, with Apple already buddying up with the Mayo Clinic to determine how the Health app – and the accompanying HealthKit API – can benefit doctors and patients alike.
These are, of course, just the latest compelling additions to the Internet of Things’ (IoT) sprawling and interconnected hospital wing. Hardly a day goes by without arrays of shiny new kit coming online; recent solutions gaining the ‘smart’ prefix include everything from diapers and insulin monitors to sensors tracking whether medication is adequately ingested and absorbed.
The big hope for healthcare providers worldwide is that hospitals stand to benefit from an operational efficiency shot in the arm, with IoT as an ally on the ward.
Remote monitoring and support can slash critical equipment downtime; real-time monitoring ensures supplies are sufficient; and doctors can schedule their time with unprecedented precision. These are just the tip of the iceberg: being able to monitor patients more accurately opens up a whole new era of predictive and highly effective healthcare.
But there are also reasons to be cautious – and for providers to ensure they have patient safety at the forefront of any developments. The US Food and Drug Administration is on the ball. In late 2013 it recognized 25 standards that collectively help support medical-device interoperability and cybersecurity. It is an astute move, as proven by a recent PricewaterhouseCoopers study which highlighted a $30bn annual cost-hit to the US healthcare system due to inadequate medical-device interoperability.
The Department of Homeland Security is also investigating two-dozen cases of suspected cybersecurity flaws in medical devices that officials fear could be exploited by hackers. An attacker who gains control of such a device could harm the patient, for example by instructing an infusion pump to overdose a patient with drugs, or forcing a heart implant to deliver a deadly jolt of electricity.
As the healthcare sector seeks to jump on the IoT bandwagon in earnest, it will inevitably have to steel itself for new dimensions in real-time data security. Cloud and smart device adoption will require massive shifts in accountability and policy development, and the flow of data has to be rapid, robust and secure.
Medical device manufacturers will need to work with security experts to protect data and to close the vulnerabilities that hackers can use to expose confidential data. This begins with the data center and keeping medical data stored there secure and encrypted. The healthcare industry already has to adhere to stringent regulatory requirements, so working with the right security vendor is of utmost importance.
While the transformational journey may seem daunting in scale, the IoT’s burgeoning healthcare compatibility represents a thrilling and powerfully humanized convergence of technologies. Where we once only monitored, we will soon be able to predict and counsel before issues arise. Where high-tech care and consultancy were once confined to the clinic, they are now entering our homes and reaching developing countries from afar.
About the author
Gary Newe joined F5 Networks in 2007 and has been a technical director for over a year. His role includes working with channel and SI partners as well as working directly with larger customers on a range of F5-specific solutions. Gary is a Certified Information Systems Security Professional (CISSP) and also holds CCSE, CCNA and NSA certification. He is an active blogger on security challenges and application delivery. Previously, he worked at Siemens, Entropy and Alcatel, and has over a decade of experience in the network industry.