Securing Remote Health Care Post-COVID-19

The global pandemic has accelerated technology trends across several industries, and health care is no exception. As social distancing increases, telehealth and remote patient monitoring are becoming increasingly common. According to the CDC, telehealth visits increased by 154% in March 2020.

Health care environments in hospitals and homes are also becoming increasingly connected, with new IoT devices, more sensors and soaring amounts of data. In a recent IEEE survey of 350 CIOs and CTOs, 42% stated that they had expedited the adoption of IoT technologies due to the pandemic.

Yet even before the COVID-19 crisis emerged, hospitals and other health care facilities were moving forward rapidly on a digital transformation journey. A flood of new devices and software – like wearable technologies, remote IV pumps and monitoring devices and mobile apps – have been improving health care delivery for years. However, at the same time, they have dramatically increased the complexity of network environments. The changes wrought by the pandemic-driven global health care crisis have only increased the pressure on IT teams at health care facilities.

As health care providers established more connections in more locations, the result has been a broader threat landscape. The explosion in new devices and more sophisticated technology in homes has created some tempting targets for bad actors. According to one report, 560 healthcare facilities were victimized by ransomware attacks in 2020.

These trends are especially troubling for smaller health care providers. Most physicians and small practices have limited access to IT resources and minimal security expertise. Their focus is on patient outcomes, and they cannot be expected to understand the latest security threats and best practices to minimize risk. However, as health care environments have become increasingly connected and more difficult to monitor and manage, maintaining trust and ensuring the security of every device and system is now more critical than ever.

As Environments Become More Connected, PKI is Essential

Connected health care environments and IoT applications pose a variety of security risks that must be addressed. Mobile connections may be insecure, user authentication may be insufficient and transport encryption may be poorly implemented or, worse, nonexistent.

To safeguard patient data, protect their environments and comply with HIPAA and other government and industry regulations, health care providers require a strong level of data integrity, authentication and encryption support.

Private key infrastructure (PKI) has proven itself to be a trusted security solution that can provide robust security for connected devices. It enables:

  • Data integrity, which gives healthcare providers confidence that the data they are working with can be trusted. Code signing certificates can be used to sign any data that is passed between devices, including over-the-air updates to the device’s firmware, to ensure the full integrity of sensitive health care information. FDA pre-market guidance places a high value on data integrity, as well as secure solutions that can enable it.
  • Authentication of users, systems and devices for telehealth and other applications is critical. PKI does not require password policies, tokens or other user-driven processes, and can provide authentication without user intervention. It enables IoT solutions to directly authenticate across a diverse array of systems in a decentralized way. Certificates for devices validate identities to ensure only authorized users, messages or other types of servers have access to the health care device.
  • Encryption of sensitive information, like patient records and biometrics, safeguards private data from hackers and other bad actors, even if the data stream or stored data is captured or compromised.

PKI is also a highly scalable, flexible security solution. It can easily accommodate connected medical device environments with a variety of size, complexity and security needs. Its trust models can support diverse approaches for setting up security on connected medical devices. In large health care organizations with thousands of connections and devices, a certificate management platform can allow administrators to rapidly deploy or modify large volumes of certificates.

Health Care Threats Predicted To Grow in the Coming Year

As work, health care and other environments go even more remote, the risks to health care environments will only increase in 2021. With an expanding IoT threat landscape , the threat surface will grow along with it, creating inviting targets for fraudsters, hackers and other cybersecurity threats.

That means it’s essential for health care providers to start planning for new threats well in advance. A good first step is to conduct a thorough audit of health care applications and devices currently in use at an organization. By determining what types of connections and interactions are already in use, as well as what measures are in place to authenticate, encrypt and ensure integrity, organizations can gain insights into how well they are safeguarding their environments. The gaps that health care organizations identify can provide the basic outline of a strategic roadmap to move forward.

Avatar photo

Mike Nelson

Mike Nelson is the VP of IoT Security at DigiCert, a global leader in digital security. In this role, Nelson oversees the company’s strategic market development for the various critical infrastructure industries securing highly sensitive networks and Internet of Things (IoT) devices, including healthcare, transportation, industrial operations, and smart grid and smart city implementations. Nelson frequently consults with organizations, contributes to media reports, participates in industry standards bodies, and speaks at industry conferences about how technology can be used to improve cyber security for critical systems and the people who rely upon them. Nelson has spent his career in healthcare IT including time at the US Department of Health and Human Services, GE Healthcare, and Leavitt Partners – a boutique healthcare consulting firm. Nelson’s passion for the industry stems from his personal experience as a type 1 diabetic and his use of connected technology in his treatment.

mike-nelson has 18 posts and counting.See all posts by mike-nelson