Health Care Security Must Mature With 5G
It’s clear that 5G technology is rapidly coming of age, and is enjoying wide adoption across every industry. According to Gartner, the market for 5G infrastructure was predicted to hit $4.2 billion over the past year, with two-thirds of companies deploying the technology. Health care is a leading application for 5G, and providers are looking to the technology to support a variety of applications to enhance insights, responsiveness and patient outcomes. As a co-chair of one of the working groups in the Medical Device Innovation Consortium (MDIC) health care 5G task force, I’ve had the unique opportunity to explore the potential of 5G in the industry.
It’s clear that as health care environments become increasingly connected, security and trust are increasingly essential to ensuring the integrity of patient data, and the smooth, dependable operation of applications. With its broad adoption and ability to deliver powerful authentication and encryption, public key infrastructure (PKI) plays a critical role in protecting 5G devices and the patients and providers that use them. The potential of 5G in health care is everywhere, but it won’t succeed without proper PKI-based security solutions in place.
Advancing Health Care with 5G
By 2026, Ericsson predicts operators addressing health care transformation with 5G will have a $76 billion revenue opportunity. The 5G band’s ability to support improved collaboration promises to dramatically transform the way providers deliver care, through use cases such as:
Real-time remote monitoring—Connected wearables and IoT devices like remote patient monitoring tools are providing improved insights into patient health. For example, devices to track oxygen saturation, heart rate or blood sugar levels can help providers monitor and control conditions like respiratory disease and diabetes, regardless of the patient’s location. First responders can also use these devices to monitor their own condition, heart rate(s) and stress level(s) as they tackle emergencies.
Enhanced augmented reality (AR) and virtual reality (VR)—Advanced imaging tools and spatial computing applications are already in use by a variety of health care providers. With its superior data transfer rates and reduced latency, 5G technology can help physicians simulate more complex medical conditions and support less invasive procedures. More sophisticated training environments also have tremendous potential to help medical school students and residents develop the skills they need to treat patients without putting them at risk.
Artificial intelligence (AI) tools for more predictive, proactive treatment—Enhancing AI tools with additional data through 5G can potentially enable providers to better predict treatment complications and support more informed decisions. For example, in a post-operative environment, AI-enhanced EHR assistance could recognize input results and recommend the best next steps to a nurse or physician to help head off potential issues and improve outcomes.
Expanding telemedicine—The COVID-19 pandemic dramatically accelerated the adoption of telemedicine, and the continued emergence of 5G technology will drive further momentum. One of the challenges of telemedicine is the need for greater bandwidth to support high-definition, latency-sensitive video and medical imaging. When health care providers use 5G instead of traditional wired network connections, they can host telemedicine appointments on mobile networks, extending the reach of their programs to rural and hard-to-reach areas. This gives patients the ability to receive treatment sooner and facilitates collaboration between doctors, staff and specialists from any location.
Trust is Essential for 5G Health Care
The threat landscape is constantly evolving, and one recent survey noted that more than 500 health care facilities were impacted by ransomware attacks last year. To safeguard sensitive health care communications and systems, providers need trust, confidentiality, integrity and availability. Patients and physicians need to be certain that they can trust the online services they are accessing and using—and trust the myriad devices that are accessing their own environments. They also need to trust the daily computer interactions within their environments, such as software updates, messages and other regular functions.
Establishing and maintaining this high level of trust in 5G environments is challenging, especially when 5G security regulations are still evolving. A recent report by the European Union Agency for Cybersecurity (ENISA) focused on three key areas where mobile network operators (MNOs) should focus their efforts to enhance security in 5G networks.
The first finding focused on the Third Generation Partnership Project (3GPP) that dictates the need for significantly higher security levels compared to 4G and earlier networks. The ENISA report recommends that these procedures and security architecture should be more completely defined and implemented correctly. For example, some recommended best practices include encryption of user equipment by default and the use of a secure protocol on the network for both user and control plane data on radio access network (RAN) interfaces. The report also recommended the use of the latest security protocols for TLS and appropriate key and certificate management practices.
The second finding in the report recommended that technical standards and specifications be correctly implemented in 5G products—and that they be tested and reassessed on a regular basis. It recommended best practices such as building security into product development and secure, robust network design that includes security features like PKI (public key infrastructure). ENISA also recommended setting up a PKI infrastructure for secure administrator access and to better protect the network against external access.
Finally, the ENISA study recommended ongoing collaboration between standards bodies, the private sector and other key stakeholders to identify security gaps and gain insight into 5G as the technology continues to evolve. For example, it proposed that the EU facilitate coordination between member states and explored new ways to continue to strengthen the way parties work with one another.
PKI Provides a Strong Foundation for 5G Security
As a widely adopted security standard, PKI can provide robust support for the encryption and authentication that MNOs need to safeguard users and devices in 5G networks. The technology has been used to secure websites, documents, code, email and devices for many years. It is also capable of supporting authentication and encryption at scale in hybrid and cloud-native environments.
However, automated certificate management is essential for realizing the full potential of PKI to enable trust in 5G networks. According the ENISA report, “With continuous deployment and fast-paced updates, it will not be feasible to perform certificate issuance manually and that high automation is needed.” Fortunately, by using a modern PKI management platform, administrators can roll out their PKI infrastructure quickly and smoothly, monitor the full device life cycle and automate updates and orchestration. As distributed networks become commonplace, it is essential that a modern PKI platform be based on a cloud-native architecture that is flexible enough to be deployed across cloud, on-premises, air-gapped, hosted and other environments. It should offer horizontal scalability via container-based architecture with a secure connection to a singular management portal.
As 5G technology rapidly gains adoption, the possibilities for health care applications are endless. With the right strategy, tactics and technology, device manufacturers and MNOs can help providers make the most of this promising technology to unlock better patient outcomes and new efficiencies in the years to come.
