By: 26 August 2019
New IoT Security Foundation whitepaper outlines best practice for healthcare IT teams

The IoT Security Foundation recently announced a free best-practice-cybersecurity guide for medical device developers to help create more secure systems that better protect patient health and data.

Its release comes as the connected-medical-device sector undergoes significant growth. Yet as recent scandals show, knowledge is often missing at both Original Equipment Manufacturers (OEMs) (to properly protect such systems) and healthcare providers (to identify weaknesses) and accessing expertise is getting harder and more expensive. 

A new whitepaper from the IoT Security Foundation seeks to show, through example, how to implement a good security regime while taking into account the unique needs of the healthcare sector.

It examines architectures for a range of healthcare devices and enables healthcare OEMs, system specifiers and the IT departments implementing them, to identify the appropriate security measures for any deployment of health-related IoT solution. Within the whitepaper, three network types are considered – bounded, boundaryless and hybrid – along with 17 high-level requirements that should be taken into consideration when a new IoT device is assessed for use on a healthcare network.

The whitepaper’s lead author, Stacie Hoffmann, a digital policy and cybersecurity consultant at the Oxford Information Labs, said: “To date, there has not been enough thinking about IoT-related security concerns particular to healthcare environments and, more importantly, how to address those threats before something goes wrong.

“Recent high-profile breaches and vulnerabilities mean IT teams are aware of the risks of deploying such systems and the approach outlined in this paper is a progressive step in recognising potential weaknesses as well as identifying security management points in the IoT for health space. It details key security recommendations that layer security throughout the environment and aims to simplify management in a way that protects devices and systems, as well as patients”

The whitepaper aims to reduce the complexity of health-related IoT systems, create better-informed procurement decisions, demonstrate good security practices and support privacy in a health-sector-specific context.

The whitepaper is downloadable for free from: