author photo
By Bruce Sussman
Wed | Sep 27, 2017 | 11:52 AM PDT

It was the weekend when our son got sick, and so off we went to  urgent care.

This particular urgent care is run by a hospital network with medical centers in several states.

The doctor used all kinds of devices from the miraculous Internet of Medical Things that connected to my son’s digital chart: a temperature sensor, the heart rate/blood oxygen thing with the red light on his finger, and an electronic blood pressure reader.

Each marvel of the IoMT was pumping out data to be stored on the network—and doing it faster than ever before.

Our son will be fine.

But what about his data? And what about yours?

The Internet of Medical Things: What we don’t know can hurt us

I bring this up because I’m recently back from SecureWorld Detroit where "The Privacy Professor," Rebecca Herold, delivered the keynote on the growing risk to our privacy because of IoMT devices. 

privacy-professor-speaking.png

“There are now implanted devices, ingestible devices, wearable devices," she told her audience. "And keep an eye out for these: Nanomedical machines. Some of them can even drill into cancer cells. Who has access to these? What if someone controls those to attack healthy cells instead of cancer cells?”

What a thought.

And the hundreds of cybersecurity professionals in the room were eerily quiet.

Data and privacy questions without answers in the Internet of Medical Things

Herold gave examples that showed a vast ocean of data exists, like never before, because of the IoMT. And that’s when she asked some tough questions about privacy and the Internet of Medical Things.

“How many devices are there in the IoMT? We don’t really know,” she said.

“With how many computing devices are they sharing data? We don’t really know.

“How many parties have access to this data? We don’t really know.” The hits keep on coming.

“What decisions are being made with this data? We don’t really know. It could potentially be used by law enforcement, lawyers, insurers....”

How patients (all of us) can help drive security in the IoMT

At the end of her presentation, I came away with the feeling that the unknowns can become known. And that our insecure medical data can become secure.

But only if we all will play a part in this the next time we are at the doctor.

Herold told the room it is essential we ask our doctors about how secure specific devices are and what they know of the data protection efforts in place. That is the only way doctors will know that patients, the true end-users, care about privacy and cybersecurity.

This will lead to conversations between doctors and sales reps for IoMT devices. And if sales is catching an earful that security matters to customers, then the pressure will build to build better security into the devices.

That makes it possible for us to overcome what Herold calls the largest problem with IoT and IoMT devices.

"There often is no consideration of, let alone controls engineered into, the devices from the get-go. Too many have basically shrugged and said, 'That’s not our problem; those using them must build their own security around the use of the devices.' This attitude must change if the vendors expect to have their devices be successful and widely used," she said.

She believes many device manufacturers are making an assumption right now: if no one (doctors, reps, designers, engineers) in the chain is hearing about cybersecurity, then doctors and patients don't really care about it.

We have the power to change that assumption.

Thanks to Rebecca Herold for sharing that we are in this fight together for medical privacy and cybersecurity. 

By asking questions, we can collectively make a difference in the IoMT.

Even if those questions are after hours at an urgent care near you.

Comments